鸬鹚蜂蜜熊 - 2007-4-7 18:56:00
[Help] How to manually remove the "ANI mouse vulnerability" virus.
As the title says. I want to get rid of this virus at any cost. I've heard this virus is still there even after formatting the disk, so it has to be cleaned out first. Please advise...
鸬鹚蜂蜜熊 - 2007-4-7 21:36:00
I've already applied Microsoft's patch for this vulnerability, but it still doesn't help.
I ran a scan with SRE and got the log below; could someone please take a look.
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<00THotkey><C:\WINDOWS\System32\00THotkey.exe> [东芝公司]
<Apoint><C:\Program Files\Apoint2K\Apoint.exe> [(Verified)Alps Electric Co., Ltd.]
<TouchED><C:\Program Files\TOSHIBA\TouchED\TouchED.Exe> [东芝公司]
<Tpwrtray><TPWRTRAY.EXE> [东芝公司]
<TosHKCW.exe><"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"> [TOSHIBA CORPORATION]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\FireWall\pfw.exe> [广州众达天网技术有限公司]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)N/A]
<360Safetray><E:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\windows\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Corporation]
<UPnPMonitor><C:\windows\system32\upnpui.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Corporation]
鸬鹚蜂蜜熊 - 2007-4-7 21:36:00
==================================
启动文件夹
[eEye Windows Animated Cursor Patch Checker]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eEye Windows Animated Cursor Patch Checker.lnk --> C:\PROGRA~1\EEYEDI~1\WINDOW~1.ANI\ANIPAT~1.EXE [eEye Digital Security]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Application Management / AppMgmt]
<C:\windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Human Interface Device Access / HidServ]
<C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Windows NetWork Management / NvCore]
<C:\windows\system32\Rundll.exe><N/A>
[NVIDIA Driver Helper Service / NVSvc]
<C:\windows\system32\nvsvc32.exe><NVIDIA Corporation>
[Rdpud50pffn / Rdpud50pffn]
<><N/A>
[IE Security Service / smos]
<C:\windows\system32\IEService.exe><N/A>
==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
<C:\windows\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adiihaib / adiihaib]
<\??\C:\windows\system32\drivers\adiihaib.sys><N/A>
[ajloco6 / ajloco62]
<\SystemRoot\System32\DRIVERS\ajloco62.sys><N/A>
[akbrdd0 / akbrdd09]
<\SystemRoot\System32\DRIVERS\akbrdd09.sys><Microsoft Corporation>
[Alps Pointing-device Filter Driver / ApfiltrService]
<System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[asurzi4 / asurzi48]
<\SystemRoot\System32\DRIVERS\asurzi48.sys><N/A>
[avast! Standard Shield Support / aswMon2]
<C:\windows\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
<C:\windows\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
<C:\windows\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[dxkjdc7 / dxkjdc77]
<\SystemRoot\System32\DRIVERS\dxkjdc77.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[evkfnw8 / evkfnw83]
<\SystemRoot\System32\DRIVERS\evkfnw83.sys><Microsoft Corporation>
[kbakgl6 / kbakgl60]
<\SystemRoot\System32\DRIVERS\kbakgl60.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\windows\system32\drivers\kmsinput.sys><N/A>
[kvukbo5 / kvukbo53]
<\SystemRoot\System32\DRIVERS\kvukbo53.sys><N/A>
[mtsdll3 / mtsdll35]
<\SystemRoot\System32\DRIVERS\mtsdll35.sys><Microsoft Corporation>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[nv / nv]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pciSd / pciSd]
<System32\DRIVERS\tossdpci.sys><TOSHIBA>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[rbbnlk7 / rbbnlk76]
<\SystemRoot\System32\DRIVERS\rbbnlk76.sys><N/A>
[rchzww6 / rchzww64]
<\SystemRoot\System32\DRIVERS\rchzww64.sys><Microsoft Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
<\??\C:\windows\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
<\??\C:\PROGRA~1\SkyNet\FireWall\SkyProcs.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA]
<System32\DRIVERS\smcirda.sys><SMC>
[Sparrow / Sparrow]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[TCP/IP Protocol Driver / Tcpip]
<System32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TOSHIBA Software Modem / TOSHIBASoftModem]
<System32\DRIVERS\LTSM.sys><LT>
[TOSHIBA SD Card Host Controller Driver / tsdhd]
<System32\DRIVERS\tsdhd.sys><TOSHIBA Corporation>
[Toshiba ACPI-Based Value Added Logical Device Driver / TVALD]
<\SystemRoot\System32\DRIVERS\TVALD.SYS><Toshiba Corporation>
[Toshiba Value Added Logical and General Purpose Device Driver / TVALG]
<\SystemRoot\System32\DRIVERS\TVALG.SYS><TOSHIBA Corporation>
[VCD VNC Virtual Network Adapter / vcddev]
<system32\DRIVERS\vcdvnic.sys><VNN B.J.>
鸬鹚蜂蜜熊 - 2007-4-7 21:37:00
==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[网址大全]
{1FBA04EE-3024-11D2-8F1F-0000F87ABD18} <http://www.coc.cc, N/A>
[金山词霸]
{9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\windows\system32\CMBEdit.dll, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 200][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 224][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 268][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 280][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 424][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1212][E:\42006113122516\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================