瑞星卡卡安全论坛

今天开机，杀毒软件（卡巴斯基）即发现电脑感染病毒，路径C:\Program Files\searchnet\searchnet.exe可是查找时，不知searchnet文件夹在哪里。所以怀疑是内存病毒。请大虾指点！！

此病毒已经感染了下面文件C:\WINDOWS\system32\big5_gb2312.exe和C:\WINDOWS\system32\seedserv.exe以及C:\WINDOWS\system32\servehost.exe可是查不到这些文件在哪里？？？救救我！！！不胜感激！！

用ghost文件恢复以后，开机又报告发现C:\Program Files\searchnet\srvnet32.dll被感染。。。

引用:

【平民贵族的贴子】此病毒已经感染了下面文件C:\WINDOWS\system32\big5_gb2312.exe和C:\WINDOWS\system32\seedserv.exe以及C:\WINDOWS\system32\servehost.exe可是查不到这些文件在哪里？？？救救我！！！不胜感激！！ ...........................

修改一下文件夹选项看看

附件: 58878120051215123702.JPG

修改过了！！还是查不到！！

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

这是日志，请大虾帮忙！！！

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe

+ SKYNET Personal FireWall天网防火墙个人版广州众达天网技术有限公司c:\program files\skynet\firewall\pfw.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ blue.shelld:\program files\pinnacle\edition 5\program\blueshellext.dll

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ NeroDigitalIconHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

+ NeroDigitalPropSheetHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

+ RecordNow! ContextMenuExtShell Extensionsc:\program files\sonic\mydvd studio deluxe\recordnow!\shlext.dll

+ RecordNow! SendToExtShell Extensionsc:\program files\sonic\mydvd studio deluxe\recordnow!\shlext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ NeroDigitalColumnHandler ClassNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar1.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ IEHlprObj ClassIEHelper Modulec:\windows\system32\qylhelper.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司c:\program files\tencent\qq\qqiehelper.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

+ 腾讯QQQQTENCENTc:\program files\tencent\qq\qq.exe

HKLM\System\CurrentControlSet\Services

+ .Net Boot ServiceFile not found: C:\WINDOWS\system32\big5_gb2312.exe

+ EPSON_PM_RPCV2_02EPSON Status Monitor 3SEIKO EPSON CORPORATIONc:\windows\system32\e_s00rp2.exe

+ EPSONStatusAgent2EPSON Printer Status AgentSEIKO EPSON CORPORATIONc:\program files\common files\epson\ebapi\sagent2.exe

+ kavsvcKaspersky Anti-Virus ServiceKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe

+ Local Network ServiceFile not found: C:\WINDOWS\system32\SeedServ.exe

+ MPSVCServiceMPSVCMicropoint Corporationc:\program files\micropoint\mpsvc.exe

+ UleadBurningHelperULCDRSvrUlead Systems, Inc.c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys

+ ASAPIW2kASAPIVOB Computersysteme GmbHc:\windows\system32\drivers\asapiw2k.sys

+ CA561Universal Serial Bus Camera DriverSPc:\windows\system32\drivers\spca561.sys

+ drvmcdbDevice DriverSonic Solutionsc:\windows\system32\drivers\drvmcdb.sys

+ dtscsic:\windows\system32\drivers\dtscsi.sys

+ hardlockHardlock Device Driver for Windows NTAladdin Knowledge Systemsc:\windows\system32\drivers\hardlock.sys

+ HaspntHASP Kernel Device Driver for Windows NTAladdin Knowledge Systemsc:\windows\system32\drivers\haspnt.sys

+ hlpc:\windows\system32\drivers\hlp.sys

+ ids00026File not found: C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys

+ ids0005cKaspersky Anti-Hacker IDS PluginKaspersky Labsc:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0005c.sys

+ KlickKaspersky Anti-Hacker NDIS InterceptorKaspersky Labsc:\windows\system32\drivers\klick.sys

+ Klifspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys

+ KlinKaspersky Anti-Hacker TDI InterceptorKaspersky Labsc:\windows\system32\drivers\klin.sys

+ KlmcKaspersky Anti-Virus Mail Checker ProxyKaspersky Labc:\windows\system32\drivers\klmc.sys

+ klstmKaspersky Anti-Hacker Stealth Mode PluginKaspersky Labsc:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\klstm.sys

+ mp110001mp110001MicroPoint Corporationc:\windows\system32\drivers\mp110001.sys

+ mp110002mp110002Micropoint Corporationc:\windows\system32\drivers\mp110002.sys

+ mp110003mp110003Micropoint Corporationc:\windows\system32\drivers\mp110003.sys

+ mp110004mp110004Micropoint Corporationc:\windows\system32\drivers\mp110004.sys

+ mp110005mp110005Micropoint Corporationc:\windows\system32\drivers\mp110005.sys

+ mp110006mp110006.sys driverMicropoint Corporationc:\windows\system32\drivers\mp110006.sys

+ mp110007Micropoint Corporationc:\windows\system32\drivers\mp110007.sys

+ mp110008Micropoint Corporationc:\windows\system32\drivers\mp110008.sys

+ mp110009mp110009Micropoint Corporationc:\windows\system32\drivers\mp110009.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.c:\program files\tencent\qq\npkcrypt.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys

+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys

+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ SKNFWc:\windows\system32\drivers\sknfw.sys

+ sptdc:\windows\system32\drivers\sptd.sys

+ sscdbusSAMSUNG USB Composite Device DriverMCCIc:\windows\system32\drivers\sscdbus.sys

+ sscdmdmSAMSUNG CDMA Modem DriversMCCIc:\windows\system32\drivers\sscdmdm.sys

+ TSPspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys

+ Vcsc:\windows\system32\drivers\vcs.sys

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\Herosoft\HEROVDOC\ScSaver.scrc:\herosoft\herovdoc\scsaver.scr

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ EPSON V5 2KMonitorEPSON Bidirectional MonitorSEIKO EPSON CORPORATIONc:\windows\system32\ebpmon2.dll

病毒名：Trojan-Spy.Win32.Agent.iw

+ IEHlprObj ClassIEHelper Modulec:\windows\system32\qylhelper.dll
这个IE插件不知是什么

其他没看出问题
你找不到文件的原因可能是被卡巴隔离或删除了

一直在跳出病毒。杀不完，也杀不掉！！救命！

searchnet是一个网络搜索软件
没有什么大的用处
建议卸载之

卸载searchnet

删除C:\Program Files\searchnet

另外\windows\system32\qylhelper.dll是青娱乐的IE插件
建议卸载青娱乐
删除\windows\system32\qylhelper.dll

那病毒Trojan-Spy.Win32.Agent.iw怎么删除啊！！

引用:

【平民贵族的贴子】那病毒Trojan-Spy.Win32.Agent.iw怎么删除啊！！ ...........................

也有可能是那个软件导致的
建议先卸载
然后安全模式下再断网查杀一下
OK？

近几天没安装新软件啊！卸载那个软件？？请大虾帮我！感激涕零！！！现在的电脑很慢了！！

引用:

【平民贵族的贴子】近几天没安装新软件啊！卸载那个软件？？请大虾帮我！感激涕零！！！现在的电脑很慢了！！ ...........................

C:\Program Files\searchnet\searchnet.exe

修改了文件夹选项，根本久找不到C:\Program Files\searchnet这个文件夹！！！！！

怎么办？？！！！大虾们！！！！！！！！！！怎么病毒路径不存在呀？？！！！

......哭泣中.......

用IceSword看看
http://forum.ikaka.com/topic.asp?board=28&artid=7168178

请baohe来看看，用IceSword察看没有病毒。但现在系统运行很慢。。

现在看来，病毒是清除了。但浏览网页很慢。有什么问题？？？？请大虾帮忙！！！