瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 HELP~~~~~~~~我电脑中毒了,谁知道怎么彻底清除吗?!谢谢!【原创】

1   1  /  1  页   跳转

HELP~~~~~~~~我电脑中毒了,谁知道怎么彻底清除吗?!谢谢!【原创】

收藏
走路很飘
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-18
  • 来自:
发表于: 2007-05-18 21:57 | 显示全部 短消息 资料
字号: 1楼

HELP~~~~~~~~我电脑中毒了,谁知道怎么彻底清除吗?!谢谢!【原创】

映像名称  5263.EXE  用户名 SYSTEM  大小3,032K
本来任务管理器还有一个RUNDLL32,我到安全模式下用卡巴斯基扫描杀了病毒,可是重启后进入系统每次打开网页或者硬盘都会出现一个对话框"加载时出错,找不到指定的模块"对话框的文件名叫RUNDLL,谁知道怎么解决这二个问题呀?!小妹先在这里说声谢谢了!
最后编辑2007-05-21 09:13:09
分享到:
gototop
 
走路很飘
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-18
  • 来自:
发表于: 2007-05-18 22:25 | 显示全部 短消息 资料
字号: 2楼

[CODE]

2007-05-18,22:12:14

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SKYNET Personal FireWall><D:\PROGRA~1\SkyNet\Firewall\pfw.exe>  [N/A]
    <UUCallMini><"D:\UUCall3.exe" -autorun>  [N/A]
    <tfjicec><C:\Program Files\Uninstall Information\tfjicec.exe>  []
    <AVP><"D:\Program Files\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <Register D:\Program Files\CPHelper.dll><"C:\WINDOWS\system32\rundll32.exe" "D:\Program Files\CPHelper.dll",DllRegisterServer>  []
    <Register D:\Program Files\Timwp.dll><"C:\WINDOWS\system32\rundll32.exe" "D:\Program Files\Timwp.dll",DllRegisterServer>  [(Verified)Tencent Technology (ShenZhen) Company Limited]
    <Register D:\Program Files\TIMProxy.dll><"C:\WINDOWS\system32\rundll32.exe" "D:\Program Files\TIMProxy.dll",DllRegisterServer>  [tencent]
    <Register D:\Program Files\qdshm.dll><"C:\WINDOWS\system32\rundll32.exe" "D:\Program Files\qdshm.dll",DllRegisterServer>  []
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[yceflf]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\yceflf.lnk --> C:\PROGRA~1\AvRack\yceflff.exe [N/A]><N>

==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  <"D:\Program Files\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Fax Client / ms_fax][Running/Auto Start]
  <C:\WINDOWS\system32\5263.exe><N/A>

==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[front / front][Stopped/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[roreg / roreg][Stopped/System Start]
  <2 - 系统找不到指定的文件。
><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Abho Class]
  {1238F6B9-C123-4049-B07E-7A71AF320032} <C:\WINDOWS\system32\052.dll, TODO: <公司名>>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\scieplugin.dll, Kaspersky Lab>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Abho Class]
  {1238F6B9-C123-4049-B07E-7A71AF320032} <C:\WINDOWS\system32\052.dll, TODO: <公司名>>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CPPIE Class]
  {C6844939-C324-41E0-84D0-D42F8DA5EBAD} <, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\Program Files\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <D:\Program Files\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\Program Files\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\SendMMS.htm, N/A>
gototop
 
走路很飘
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-18
  • 来自:
发表于: 2007-05-18 22:26 | 显示全部 短消息 资料
字号: 3楼

正在运行的进程
[PID: 488][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 632][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\052.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\rarext.dll]  [N/A, ]
    [D:\Program Files\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1584][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1872][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3544][C:\Program Files\Rising\AntiSpyware\Ras.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 6, 1]
    [C:\Program Files\Rising\AntiSpyware\RasGui.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [D:\Program Files\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 412][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [D:\Program Files\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\052.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\nfio.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\basegui.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\thpimpl.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\FSSync.dll]  [Kaspersky Lab, 6.0.5.621]
    [d:\program files\winreg.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2172][D:\xz\TTPlayer.exe]  [Alen Soft, 4, 6, 9, 0]
    [D:\xz\ttpcomm.dll]  [N/A, ]
    [D:\xz\ttpres.dll]  [Alen Soft, 4, 6, 9, 0]
    [D:\xz\msdmo.dll]  [Microsoft Corporation, 6.03.01.0400]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\xz\AddIn\ttp_asf.dll]  [N/A, ]
    [D:\xz\AddIn\ttp_aac.dll]  [N/A, ]
    [D:\xz\AddIn\ttp_ac3dts.dll]  [N/A, ]
    [D:\xz\wmadmod.dll]  [Microsoft Corporation, 10.00.00.3646]
[PID: 3380][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [D:\Program Files\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
    [D:\Program Files\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\Program Files\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Program Files\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\Program Files\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [D:\Program Files\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [D:\Program Files\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\iEmbedShell.dll]  [ , 1, 0, 0, 17]
    [D:\Program Files\iEmbed09.dll]  [ , 3, 3, 0, 78]
    [D:\Program Files\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\program files\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1972][D:\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [C:\WINDOWS\hh.exe %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1                    about-blank.cc
127.0.0.1                    kzxf.com
127.0.0.1                    vod.mmdy.org
127.0.0.1                    www.4199.com
127.0.0.1                    www.71791.com
127.0.0.1                    www.7939.com
127.0.0.1                    www.9505.com
127.0.0.1                    www.feixue.net
127.0.0.1                    www.kzxf.com
127.0.0.1                    www.piaoxue.com
127.0.0.1                    www.xfkz.com
127.0.0.1                    xfkz.com

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE35AF0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE35CD0)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE35E30)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xBAE35BE0)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xBAE35DE0)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
走路很飘
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-18
  • 来自:
发表于: 2007-05-21 07:46 | 显示全部 短消息 资料
字号: 4楼

QQ不能用,我卸载了QQ,然后重新安装,结果卡巴说程序有病毒不允许再继续安装,安装QQ的时候有个中文搜,勾怎么点也去不掉,真郁闷,结果我就不装了,把原来的QQ程序删了,在网上下载了还是一样的结果
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT