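Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Forum

Removed the virus yesterday, and today there is a new variant again!! (Log attached, waiting online, thanks!)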


    [C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL]  [SEIKO EPSON CORPORATION, 2, 26, 0, 0]
[PID: 1576][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5303]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
[PID: 1604][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\klxx\uvhh.dll]  [ , 4, 1, 0, 6]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [c:\progra~1\klxx\zamm.dll]  [ , 1, 0, 0, 6]
[PID: 1648][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1676][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1760][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
[PID: 1788][C:\WINDOWS\System32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1916][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
[PID: 1944][C:\WINDOWS\System32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\dllcache\svchost.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 976][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.00]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 1332][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE]  [SEIKO EPSON CORPORATION, 4.00]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 1464][C:\Program Files\Common Files\System\Updaterun.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
[PID: 1660][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [C:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\WINDOWS\System32\WMASF.DLL]  [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
    [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 15]
    [C:\Program Files\Thunder Network\WebThunder\iEmbed09.dll]  [ , 3, 3, 0, 78]
    [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 1, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 1, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [C:\Program Files\Thunder Network\Thunder\Plugins\ThunderKAV\ThunderKAV.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.17]
    [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [Xunlei, 1, 1, 0, 6]
    [C:\WINDOWS\System32\pdkpri.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 1688][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 2788][C:\Program Files\Adobe\Photoshop CS\Photoshop.exe]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\UID.mr.dll]  [Adobe Systems, Inc., 1, 1, 0, 0]
    [C:\Program Files\Adobe\Photoshop CS\AWSCommonUI.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\AWSSCL.dll]  [Adobe Systems, 4.0.0.34]
    [C:\Program Files\Adobe\Photoshop CS\WebAccessUtils.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\BIBUtils.dll]  [Adobe Systems Incorporated, 1.00.0]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Adobe\Photoshop CS\Photoshop.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Photoshop CS\PSViews.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\PSArt.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUICAIP.DLL]  [SEIKO EPSON CORP., 0. 3. 40, 31]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAIAIP.DLL]  [SEIKO EPSON Corporation, 0. 3. 1. 26]
    [C:\WINDOWS\System32\icm32.dll]  [Microsoft Corporation, 5.00]
    [C:\Program Files\Adobe\Photoshop CS\asn.er.dll]  [Adobe Systems Incorporated, 1.51x3, EndUser, Release]
    [C:\Program Files\Adobe\Photoshop CS\增效工具\扩展\FastCore.8BX]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\PLUGIN.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\增效工具\扩展\MMXCore.8BX]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\Required\ADMPlugin.apl]  [Adobe Systems Incorporated, 2.84pe69a 02.06.17-00:03:36h]
    [C:\Program Files\Adobe\Photoshop CS\Required\PNGIcons.apl]  [Adobe Systems Incorporated, 1.21x7 2001.12.14-1602h.21s]
    [C:\Program Files\Adobe\Photoshop CS\Required\ASDataStream.apl]  [Adobe Systems Incorporated, 1.02x7 02.02.15-01:45:06h]
    [C:\Program Files\Adobe\Photoshop CS\增效工具\解析程序\PDF 增效工具.8BI]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\BIB.dll]  [Adobe Systems Incorporated, 1.1.16]
    [C:\Program Files\Adobe\Photoshop CS\JP2KLib.dll]  [Adobe systems Incorporated, 1.0.28706]
    [C:\Program Files\Adobe\Photoshop CS\增效工具\文件格式\Camera Raw.8BI]  [Adobe Systems Incorporated, 2.0]
    [C:\Program Files\Adobe\Photoshop CS\ACE.dll]  [Adobe Systems Incorporated, 2.05.16]
    [C:\Program Files\Adobe\Photoshop CS\AGM.dll]  [Adobe Systems Incorporated, 4.12.36]
    [C:\Program Files\Adobe\Photoshop CS\CoolType.dll]  [Adobe Systems Incorporated, 4.14.20]
    [C:\WINDOWS\System32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 225]
    [C:\Program Files\Adobe\Photoshop CS\AWSCommonSymbols.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\ARM.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\shfolder.dll]  [Microsoft Corporation, 5.50.4027.300]
    [C:\Program Files\Adobe\Photoshop CS\FileInfo.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\增效工具\Adobe Photoshop Only\自动\脚本支持.8li]  [Adobe Systems Incorporated, 8.0]
    [C:\Program Files\Adobe\Photoshop CS\ExtendScriptIDE.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\ExtendScript.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\ScCore.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 2892][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\9d1c.dll]  [  , 1, 0, 0, 3]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\WINDOWS\System32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 3076][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\System32\d1c9.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\system32\bghjqcyvfcela.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\WINDOWS\System32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\pdkpri.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.vxd]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\WINWB98.IME]  [Microsoft Corporation, 4.00.950]
[PID: 1068][F:\tools\软件\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\klxx\cdpp.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Internet Explorer\InfoMs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
222.208.183.195et.soujjmh5.com

==================================

Quite a lot of viruses. Add me on QQ; I've sent it to you by private message.

I can't log in to QQ right now. Can you tell me here instead? Also, the CPU is at 100% all the time!!

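In Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then choose the first item, Safe Mode, to boot into the system):

Open SREng (the program you used to scan and produce the log).
Under Startup Items, Registry, delete the following entries (if you recognize any of them, or are sure one is not a virus, do not delete it):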

<tdhi6mz88><C:\WINDOWS\TEMP\Servera.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\System32\pdkpri.dll> [N/A]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\System32\nospri.dll> [N/A]
<{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.dll> [N/A]
<{90BC520C-9175-470E-94B8-10FD869D170B}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.vxd> [N/A]

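Under "Startup Items" - "Services" - "Win32 Service Applications", click "Hide Microsoft-verified items",
select the following items, click "Delete Service", then click "Set", and in the dialog that pops up click "No":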
Performance Moniter / BRGNS
Office Backup Engine / ClipArt
CoolWare / CoolWare
Fast Client / fast
Windows pqcc RunThem / pqcc
Windows InstallService / WindowsDown
WinQJServiceNow / WinQJServiceNow
WinWMServiceNow / WinWMServiceNow
Portable Media / WmdmPWD
Use SREng to delete the following under "System Repair" - "Browser Add-ons":
[Jpeg Class]
{4970DA77-DB06-4EB9-AAB5-77AF0CC77310} <C:\WINDOWS\System32\d1c9.dll, TODO: <公司名>>
[]
{907A3125-34DE-4F9D-8815-BC42059DA9F7} <C:\WINDOWS\system32\bghjqcyvfcela.dll, N/A>
[信息检索]
{E1643171-0D8F-401A-82FF-E96C78297848} <C:\WINDOWS\system32\crscv32.dll, N/A>
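Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Then delete:
C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE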
C:\WINDOWS\SYSTEM32\WBEM\ERSSP.DLL
C:\WINDOWS\System32\aobhr.dll
C:\PROGRA~1\klxx
C:\WINDOWS\System32\1c96.exe
C:\WINDOWS\System32\struts.dll
Empty C:\WINDOWS\TEMP
C:\WINDOWS\System32\servet.exe
C:\WINDOWS\System32\dllcache\svchost.dll
c:\windows\system32\struts.dll
C:\WINDOWS\winform.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\cmdbcs.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat
C:\Program Files\Internet Explorer\IEXPLORE.win
C:\WINDOWS\System32\pdkpri.dll
C:\WINDOWS\System32\nospri.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.vxd
C:\Program Files\Internet Explorer\InfoMs.dll
C:\WINDOWS\System32\c966.dll
C:\WINDOWS\System32\9d1c.dll

Run SREng and delete the following in the registry section:
<tdhi6mz88><C:\WINDOWS\TEMP\Servera.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\System32\pdkpri.dll> [N/A]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\System32\nospri.dll> [N/A]
<{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.dll> [N/A]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{90BC520C-9175-470E-94B8-10FD869D170B}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.vxd> [N/A]
Delete in Services:
[Fast Client / fast]
<C:\WINDOWS\System32\1c96.exe><N/A>
[Windows pqcc RunThem / pqcc]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\klxx\uvhh.dll>< >
[Windows InstallService / WindowsDown]
<C:\WINDOWS\System32\servet.exe><N/A>
Delete the driver:
[ulqm / ulqmd]
<\SystemRoot\System32\DRIVERS\ulqmd.sys><N/A>
Disable the processes:
[c:\progra~1\klxx\xykk.dll] [, 1, 0, 0, 6]
[c:\progra~1\klxx\cdpp.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\System32\c966.dll] [N/A, N/A]
[C:\WINDOWS\System32\9d1c.dll] [ , 1, 0, 0, 3]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
Then delete the corresponding files mentioned above.
Finally, clean out the rogue software, reinstall QQ, and empty the TEMP folder.
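
The modules singled out in the reply above share two traits in the posted log: an empty or N/A vendor field, and presence in many unrelated processes. As an added example (not part of the thread and not SREng's own logic), this Python script parses that listing format and ranks such modules; the sample lines are an excerpt of the log in this thread, and the function names and the two-process threshold are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the process/module listing posted in this thread (trimmed).
SAMPLE_LOG = r"""
[PID: 1604][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\klxx\uvhh.dll]  [ , 4, 1, 0, 6]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
[PID: 976][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.00]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
[PID: 3076][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [c:\progra~1\klxx\xykk.dll]  [, 1, 0, 0, 6]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\c966.dll]  [N/A, N/A]
"""

# [PID: n][image path]  [vendor, version]  -> a process
#     [module path]  [vendor, version]     -> a module loaded in the process above
LINE = re.compile(
    r"^\s*(?:\[PID:\s*(?P<pid>\d+)\])?\[(?P<path>[^\]]+)\]\s+\[(?P<meta>.*)\]\s*$"
)


def vendor_missing(meta):
    # Vendor names contain commas themselves ("Co., Ltd."), so only test
    # whether the first comma-separated field is empty or "N/A".
    return meta.split(",", 1)[0].strip() in ("", "N/A")


def parse_modules(log):
    """Map each vendor-less module (lower-cased path) to the PIDs hosting it."""
    hosts = defaultdict(set)
    pid = "?"  # modules listed before any process line (log cut at the top)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headings, blank lines, entries cut off mid-line
        if m.group("pid"):
            pid = m.group("pid")
            continue
        if vendor_missing(m.group("meta")):
            hosts[m.group("path").lower()].add(pid)
    return hosts


def suspicious(log, min_hosts=2):
    """Vendor-less modules loaded in at least min_hosts processes, widest first."""
    ranked = [(p, len(h)) for p, h in parse_modules(log).items() if len(h) >= min_hosts]
    return sorted(ranked, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for path, count in suspicious(SAMPLE_LOG):
        print(f"{count} processes  {path}")
```

A missing vendor field alone is not conclusive: in the full log Photoshop.dll also shows [N/A, N/A], but only one process loads it, which is why the process count is part of the filter.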

After deleting everything, a normal boot automatically runs 1c96.exe! And then it regenerates the viruses that were deleted before!!