Rising Kaka Security Forum

[Help] System infected with a virus that will not go away, and the machine restarts by itself. Experts, please help!
秋天很快乐 - 2007-1-15 14:00:00
Kaspersky, 360 and the rest are no use: they detect the virus but just can't remove it, and for some reason the machine also restarts on its own.

Attachment: 7865542007115135134.JPG
贩毒小子 - 2007-1-15 14:10:00
Have you tried the Rising 2007 version? Give it a try.
秋天很快乐 - 2007-1-15 14:13:00
Don't even mention Rising, it makes me angry. Everything was fine until I installed Rising, and then the machine stopped working properly. Would I dare install it again?
秋天很快乐 - 2007-1-15 14:16:00
Here is the log; experts, please take a look.
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SiSPower><Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <marsrmt><C:\Program Files\联想(Lenovo)\联想天骄遥控器(Mars)\marsrmt.exe>  [N/A]
    <SKDaemon><c:\Program Files\联想\联想标准键盘\skdaemon.exe>  [N/A]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe>  [奇虎网]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\自然风光.SCR>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <kav><; "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]

==================================
Startup folder
[Utility Tray]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Utility Tray.lnk --> C:\WINDOWS\system32\sistray.exe [Silicon Integrated Systems Corporation]><N>
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.exe.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
Services
[Kaspersky Anti-Virus 6.0 / AVP]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Brother Popup Suspend service for Resource manager / brmfrmps]
  <"C:\WINDOWS\system32\Brmfrmps.exe" -service ><Brother Industries, Ltd.>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Lenovo TV Recoding / Lenovo TV Recoding]
  <C:\Program Files\Lenovo\数码家电\lxRecSvr.exe><N/A>
[SCCMonitor / SCCMonitor]
  <"C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe"><N/A>
[Vsn upjm Service / upjm]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\xvps\esws.dll,Service><Microsoft Corporation>

==================================
Drivers
[00003018 / 00003018]
  <\SystemRoot\system32\drivers\00003018.SYS><N/A>
[Albus / Albus]
  <\SystemRoot\system32\drivers\Albus.SYS><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Brother MFC Filter Driver / brfilt]
  <System32\Drivers\Brfilt.sys><Brother Industries Ltd.>
[Brother Multi Function Parallel Image driver / brparimg]
  <system32\DRIVERS\BrParImg.sys><Brother Industries Ltd.>
[Brother WDM Parallel Driver / BrParWdm]
  <System32\Drivers\BrParwdm.sys><Brother Industries Ltd.>
[Brother Serial driver / BrSerWDM]
  <System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm]
  <System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Scanner driver / BrUsbScn]
  <System32\Drivers\BrUsbScn.sys><Brother Industries Ltd.>
[Conexant 23880 Video Capture / CX23880]
  <system32\drivers\cx88vid.sys><N/A>
[Conexant 2388x Crossbar / CX88XBAR]
  <system32\drivers\CX88XBAR.sys><N/A>
[Conexant 2388x Tuner / CXTUNE]
  <system32\drivers\CX88TUNE.sys><N/A>
[FixDrv / FixDrv]
  <C:\WINDOWS\SYSTEM32\DRIVERS\FixDrv.SYS><N/A>
[HOSTNT / HOSTNT]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[HpaFilt / HpaFilt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaFilt.SYS><Lenovo Software inc.>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MHDRV / MHDRV]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><SafeNet China Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RCMHDOG / RCMHDOG]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><SafeNet China Ltd.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023]
  <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf]
  <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[PS/2 Keyboard Filter Driver for WinXp / Skkbdf]
  <system32\DRIVERS\Skkbdf.sys><Silitek Corp.>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[SafeNet MicroDog USB Device Driver / UsbC]
  <System32\Drivers\rcusbwdm.sys><SafeNet China Ltd.>
秋天很快乐 - 2007-1-15 14:21:00
Browser add-ons
[rmgj]
  {5C356A96-643A-48E7-AB31-D8DBB020A4F6} <C:\PROGRA~1\COMMON~1\xvps\bwtw.dll, N/A>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Lenovo]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[Research (&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[rmgj]
  {5C356A96-643A-48E7-AB31-D8DBB020A4F6} <C:\PROGRA~1\COMMON~1\xvps\bwtw.dll, N/A>
[Vision]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[>>Send MMS<<]
  <res://C:\PROGRA~1\vision\vision.dll/mms.htm, N/A>
[Export to Microsoft Office Excel (&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running processes
[PID: 500][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 644][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\vision\vision.dll]  [, 1, 2, 0, 7]
    [C:\PROGRA~1\vision\alvsn.dll]  [N/A, 1, 0, 0, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 1392][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\brmfpmon.dll]  [Brother Industries,Ltd., 2.01]
[PID: 1736][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.27]
[PID: 1748][C:\Program Files\联想(Lenovo)\联想天骄遥控器(Mars)\marsrmt.exe]  [N/A, N/A]
[PID: 1760][C:\Program Files\联想\联想标准键盘\skdaemon.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\联想\联想标准键盘\MacFun.dll]  [Silitek, 1, 0, 0, 0]
    [C:\Program Files\联想\联想标准键盘\OpenDriver.dll]  [Silitek, 1, 0, 0, 0]
    [C:\Program Files\联想\联想标准键盘\OSD.dll]  [silitek, 1, 0, 0, 1]
    [C:\Program Files\联想\联想标准键盘\lxkeyled.dll]  [Silitek, 1, 0, 0, 1]
[PID: 1796][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
[PID: 1804][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 1, 0, 1, 1002]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 1, 2000]
[PID: 1820][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1832][C:\WINDOWS\system32\sistray.exe]  [Silicon Integrated Systems Corporation, 0.0.0.3670]
    [C:\WINDOWS\system32\SiSApCom.dll]  [Silicon Integrated Systems Corporation, 0.0.0.3670]
    [C:\WINDOWS\system32\SiSBase.dll]  [Silicon Integrated Systems Corporation, 6.14.10.3671]
[PID: 2008][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl]  [Kaspersky Lab, 6.0.0.299]
秋天很快乐 - 2007-1-15 14:21:00
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll]  [N/A, N/A]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll]  [Kaspersky Lab, 6.0.0.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll]  [Kaspersky Lab, 6.0.0.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll]  [Kaspersky Lab, 6.0.0.1]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl]  [Kaspersky Lab, 6.0.0.300]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2020][C:\WINDOWS\system32\Brmfrmps.exe]  [Brother Industries, Ltd., 1.10.10.144]
[PID: 180][C:\Program Files\Lenovo\数码家电\lxRecSvr.exe]  [N/A, N/A]
    [C:\Program Files\Lenovo\数码家电\rcConfig.dll]  [, 1, 0, 0, 1]
[PID: 188][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 376][C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe]  [N/A, N/A]
[PID: 432][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\BrMfWia1.dll]  [Brother Industries, Ltd., 2.1.1.6 built by: WinDDK]
    [C:\WINDOWS\system32\BrRsmSti.dll]  [Brother Industries, Ltd., 1, 1, 0, 3]
    [C:\WINDOWS\system32\BRMFBIDI.dll]  [Brother Industries, Ltd., 1.45.15.340]
    [C:\WINDOWS\system32\BRSCNRSM.dll]  [Brother Industries,Ltd., 1.0.0.14]
[PID: 520][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\xvps\esws.dll]  [, 1, 2, 0, 8]
[PID: 544][C:\Program Files\lenovo\联想智能控制中心\SCC\LenovoSmartControlCenter.exe]  [N/A, N/A]
    [C:\Program Files\lenovo\联想智能控制中心\SCC\LxSimpleOsd.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\lenovo\联想智能控制中心\SCC\QuakeII.dll]  [http://www.lenovo.com, 2.0]
    [C:\Program Files\lenovo\联想智能控制中心\SCC\Remled.dll]  [N/A, N/A]
[PID: 688][C:\WINDOWS\system32\BRMFRSMG.EXE]  [Brother Industries, Ltd., 1.45.15.340]
    [C:\WINDOWS\system32\BREVIF.dll]  [Brother Industries, Ltd., 1.45.15.340]
    [C:\WINDOWS\system32\BrSerIf.DLL]  [Brother Industries, Ltd., 1.45.15.340]
    [C:\WINDOWS\system32\BrmfUSB.DLL]  [Brother Industries, Ltd., 1.45.15.352]
[PID: 1216][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1620][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2508][F:\许莹\tools\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
[PID: 2672][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2776][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\vision\vision.dll]  [, 1, 2, 0, 7]
    [C:\PROGRA~1\vision\alvsn.dll]  [N/A, 1, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
秋天很快乐 - 2007-1-15 14:24:00
Is any expert around?!
tomjay - 2007-1-15 14:26:00
I know this one, I've had it... you have to boot into Safe Mode to remove it.
Jokkkka - 2007-1-15 14:41:00
This user's post has been hidden.
咔咔助手中招了 - 2007-1-15 15:03:00
A new type of virus has appeared that specifically targets Kaka Assistant. Its behaviour is as follows:
1. It deletes Kaka Assistant and prevents it from being installed; if you force-install Kaka Assistant, the computer shuts down automatically.
2. The virus backs up its current modifications to the system inside your Windows, and adds hyperlinks to your system (if you try to go to the Kaka community, the virus automatically takes you to a site that cannot be reached; if you try to go to the Google site, it takes you into the Baidu search engine).
3. If you browse the web, no matter which address you visit, the official Yahoo site pops up every 10 minutes.
4. You cannot enter Safe Mode and cannot use file backup. If you use file backup, the virus adds a black button to your restore backup; if you go into it, the machine restarts.
5. The virus also escalates step by step in response to your actions. Once you fail to delete it, it mutates and upgrades itself. Specifically: I installed the old Rising Assistant version 1.0.11 and it did not restart, but after I upgraded the assistant to version 3.0 the virus restarted the machine, and version 1.0.11 could no longer be installed.
6. The only way in is to enter Safe Mode through the user system debugging mode. I am on XP; I hope the Kaka Assistant company or Rising comes up with a solution soon.
I suggest that Kaka release a version without holes, or that Rising update to kill and permanently defend against this kind of virus, because viruses like this are terrifying: they harm not only consumers' interests but also our confidence in Kaka Assistant.
This kind of virus was certainly made by some expert, surely hired with money from two big companies behind it, because a virus like this cannot be made without a dozen-odd staff spending half a year on it. I don't want to name the two companies until it is found out who they are. Despicable.
kdyak47 - 2007-1-15 15:12:00
Repost (hope it helps):

How to remove winStdup, the vision folder, visver.dll and vision.dll (彩信通 MMSAssist)
The day before yesterday, while cleaning up a relative's computer, I found this rogue software winStdup. Its associated site is www.borlander.cn. I had been watching this site for a long time, but it always refuses access; only when the rogue software updates is the update subdomain used, so I had never managed to get a sample of this rogue. Luckily, while cleaning up this machine I found its traces. This is very likely incomplete, but removing it is not hard.

Kaspersky flags visver.dll as Adware.win32.boran.x but can never remove it; it is present on every boot, and some anti-rogue tools apparently cannot remove it either. Judging from how it works, it should be a new version of 彩信通 MMSAssist. Below is a brief analysis.

Dropped folder and other files
%Program Files%\vision
%System%\almms.dat
%System%\00007c5c.DAT
%System%\drivers\00007c5c.sys

Added BHO
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} %Program Files%\vision\vision.dll

Added right-click menu item
Send MMS
res://%Program Files%\vision\vision.dll/mms.htm

Modified or added registry service keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\00007c5c
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_00007C5C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\00007c5c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\00007c5c

Runtime behaviour
1. The driver file 00007c5c.sys constantly watches the vision folder and the added registry entries; as soon as they are deleted, it immediately restores them.
2. The driver file name 00007c5c.sys is random; the naming pattern is 0000 + four random characters + .sys


Removal procedure
1. Use IceSword (冰刃) to delete the registry entries it added; they can also be deleted by changing permissions.
2. Use IceSword to delete all files dropped by the rogue software, mainly the 0000 + four random characters .sys file.
3. Use SREng's system repair function to delete the BHO and right-click menu entries it added.
4. Use CCleaner to clean the registry.
CCleaner does a better job of removing third-party software's registry entries.

PS:
1. The key to dealing with this rogue software is finding its driver file, 0000 + four random characters .sys; in this case it was
%System%\drivers\00007c5c.sys

2. The tools mentioned here, IceSword, SREng and so on, can be downloaded from the "Common anti-virus tools" section, along with usage instructions.

3. This rogue software seems to be updated continuously, so parts of this description may differ from what you actually see; if so, please let me know by email.
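As an added example for this thread (not SREng's code and not any poster's tool), the Python script below parses the service, driver and browser add-on sections of an SREng log in the layout shown above and applies the triage rules a responder would take from the discussion: the 0000 + four random characters .sys driver naming pattern from the removal write-up, services hosted by rundll32 that load a DLL from outside %SystemRoot%, add-ons with no vendor information, and flagged components that share one directory across several load points (as esws.dll and bwtw.dll do under ...\xvps in the posted log). The rules, severities and the embedded sample lines are the editor's own constructions; a hit means the entry deserves a look, not that it is malicious.

```python
"""Triage the service, driver and browser add-on sections of an SREng log (added example for this
thread, not SREng code or any poster's tool; the rules are the editor's heuristics from the discussion)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Section headers as printed by the Chinese SREng build and as translated in this thread.
SECTION_KINDS = {"服务": "service", "Services": "service", "驱动程序": "driver", "Drivers": "driver",
                 "浏览器加载项": "bho", "Browser add-ons": "bho"}
ENTRY_RE = re.compile(r"^<(?P<path>.*)><(?P<vendor>[^>]*)>$")            # <image or command><vendor>
BHO_RE = re.compile(r"^\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*<(?P<path>[^,]*),\s*(?P<vendor>[^>]*)>$")
RANDOM_DRV_RE = re.compile(r"^0000[0-9a-z]{4}\.sys$", re.IGNORECASE)      # "0000" + four random + ".sys"
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^(?:\\\?\?\\)?(?:%systemroot%|\\systemroot|[a-z]:\\windows)\\", re.IGNORECASE)
NO_VENDOR = {"", "N/A"}

# Constructed sample in SREng layout; the entries mirror lines from the log posted in this thread.
SAMPLE_LOG = r"""
==================================
Services
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Vsn upjm Service / upjm]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\xvps\esws.dll,Service><Microsoft Corporation>
==================================
Drivers
[00003018 / 00003018]
  <\SystemRoot\system32\drivers\00003018.SYS><N/A>
[Albus / Albus]
  <\SystemRoot\system32\drivers\Albus.SYS><N/A>
==================================
Browser add-ons
[rmgj]
  {5C356A96-643A-48E7-AB31-D8DBB020A4F6} <C:\PROGRA~1\COMMON~1\xvps\bwtw.dll, N/A>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
"""

def _split(path: str) -> Tuple[str, str]:
    """(directory lower-cased for comparison, file name) of a Windows path."""
    parts = path.replace("/", "\\").rsplit("\\", 1)
    return parts[0].lower() if len(parts) == 2 else "", parts[-1]

def parse_sreng(text: str) -> List[Dict[str, str]]:
    """One record per service, driver or BHO entry: kind, name, path, vendor (+ clsid for BHOs)."""
    records, kind, name, after_sep = [], None, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line: continue
        if set(line) == {"="}:                 # "=====" separator: the next line is a section header
            after_sep = True
            continue
        if after_sep:
            kind, name, after_sep = SECTION_KINDS.get(line), "", False
            continue
        if kind is None: continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]                  # "[display name / service name]"
            continue
        m = (BHO_RE if kind == "bho" else ENTRY_RE).match(line)
        if m:
            rec = {"kind": kind, "name": name, "path": m["path"].strip(), "vendor": m["vendor"].strip()}
            if kind == "bho":
                rec["clsid"] = m["clsid"].upper()
            records.append(rec)
    return records

def triage(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply the thread's heuristics; returns findings ordered high, medium, low."""
    findings: List[Dict[str, str]] = []
    by_dir: Dict[str, List[Dict[str, str]]] = defaultdict(list)

    def flag(rec: Dict[str, str], severity: str, reason: str, file_path: str) -> None:
        f = {"severity": severity, "kind": rec["kind"], "name": rec["name"], "file": file_path, "reason": reason}
        findings.append(f)
        by_dir[_split(file_path)[0]].append(f)

    for rec in records:
        path = rec["path"]
        if rec["kind"] == "driver":
            if RANDOM_DRV_RE.match(_split(path)[1]):
                flag(rec, "high", "driver name matches the 0000 + four random characters .sys pattern", path)
            elif rec["vendor"] in NO_VENDOR:
                flag(rec, "low", "driver with no vendor information; verify the file", path)
        elif rec["kind"] == "service":
            m = RUNDLL_RE.search(path)
            if m and not SYSTEM_DIR_RE.match(_split(m["dll"])[0] + "\\"):
                flag(rec, "high", "rundll32-hosted service loading a DLL from outside %SystemRoot%", m["dll"])
        elif rec["kind"] == "bho" and rec["vendor"] in NO_VENDOR:
            flag(rec, "medium", "BHO with no vendor information (CLSID " + rec["clsid"] + ")", path)
    # Flagged files sharing one directory across different load points usually form one package
    # (in the thread: esws.dll as a service and bwtw.dll as a BHO, both under ...\xvps).
    for directory, group in by_dir.items():
        if len({f["kind"] for f in group}) > 1:
            files = ", ".join(sorted(_split(f["file"])[1] for f in group))
            findings.append({"severity": "high", "kind": "cluster", "name": directory, "file": directory,
                             "reason": "several load points share one directory: " + files})
    findings.sort(key=lambda f: ("high", "medium", "low").index(f["severity"]))
    return findings
```

Feed the full text of a saved log to parse_sreng and hand the records to triage. On the embedded sample this yields three high findings (the rundll32-hosted upjm service, the 00003018.SYS driver matching the 0000 pattern, and the ...\xvps cluster of esws.dll and bwtw.dll), two medium ones (the rmgj and Vision add-ons, which carry no vendor) and one low (Albus.SYS, unknown vendor), while the HidServ, klif-style and Kaspersky entries pass untouched. The rundll32 rule deliberately keys on the DLL's location rather than the rundll32.exe image, since the image itself is always the genuine Windows binary.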