lyj888 - 2007-5-29 20:36:00
After running a virus scan, I still have the feeling there is a virus left. Could an expert please take a look:
[CODE]
2007-05-29,20:03:22
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
==================================
启动文件夹
N/A
==================================
服务
[A6DB768 / A6DB768][Stopped/Auto Start]
<C:\WINDOWS\System32\DDFCD2C8.EXE -d><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NT Data Provider / MouTALS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL,Export 1087><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Storage Center / Trial][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\jgzyy.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[gach / gachp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gachp.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\QQ-TM\qq\npkcrypt.sys><N/A>
[nv4 / nv4][Running/Manual Start]
<System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Service for AC'97 Sample Driver (WDM) / SiS7012][Running/Manual Start]
<system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
<System32\DRIVERS\sisnic.sys><SiS Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ-TM\qq\QQ.EXE, TENCENT>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\System32\QQPhotoDraw.dll, TENCENT>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPPMediaCtrl Object]
{FCD61199-E187-4ADD-88E5-9AF238486D11} <C:\WINDOWS\System32\forcetv.dll, 北京原力创新科技有限公司>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\QQ-TM\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\QQ-TM\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ-TM\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ-TM\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 556][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 840][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\system32\jgzyy.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 1168][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1404][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL] [N/A, ]
[PID: 1496][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 192][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WinRAR3.2\file\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL] [N/A, ]
[c:\windows\system32\jgzyy.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 320][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3656][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1484][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
lyj888 - 2007-5-29 20:38:00
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 888][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 132][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3428][D:\病毒专杀工具\智能扫描\sreng\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 popwin.9983.com
61.152.169.246 www.kuaiso.com
61.152.169.246 www.my6688.cn
61.152.169.246 www.union123.com
61.152.169.246 www.ktan.cn
61.152.169.246 www.2t2t.cn
61.152.169.246 www.cq530.com
61.152.169.246 www.365tc.com
61.152.169.246 ad.qucha.net
61.152.169.246 www.tan8.cn
61.152.169.246 www.itjj.net
61.152.169.246 www.start188.com
61.152.169.246 www.at58.cn
61.152.169.246 union.yxad.com
61.152.169.246 www.iptan.com
61.152.169.246 www.ip2008.net
61.152.169.246 www.yqif.com
61.152.169.246 www.2t2t.cn
61.152.169.246 www.17tan8.com
61.152.169.246 17tan8.com
61.152.169.246 www.688ip.com
61.152.169.246 www.17tc.com
61.152.169.246 www.zztan.com
61.152.169.246 www.5tanip.com
61.152.169.246 www.16tc.com
61.152.169.246 www.163se.net
61.152.169.246 www.724tc.com
61.152.169.246 www1.6tan.com
61.152.169.246 www2.6tan.com
61.152.169.246 www.6tan.com
61.152.169.246 quxiuu.com
61.152.169.246 www.quxiuu.com
61.152.169.246 www.23b.cn
61.152.169.246 www.ookkw.com
61.152.169.246 www.97725.com
61.152.169.246 down.97725.com
61.152.169.246 www.54699.com
61.152.169.246 web.77276.com
61.152.169.246 www.77276.com
61.152.169.246 d.77276.com
61.152.169.246 do.77276.com
61.152.169.246 i.96981.com
61.152.169.246 wm.103715.com
61.152.169.246 www.138505.com
61.152.169.246 cool.47555.com
61.152.169.246 www.437799.com
61.152.169.246 www.168080.com
61.152.169.246 w.168080.com
61.152.169.246 q.168080.com
61.152.169.246 www.baidu8.org
61.152.169.246 d.qbbd.com
61.152.169.246 w.qbbd.com
61.152.169.246 www.npjxjy.com
61.152.169.246 www.wwwlm.net
61.152.169.246 new2.jixie123.cn
61.152.169.246 www.18dmm.com
61.152.169.246 www.souxse.cn
61.152.169.246 dm1.yiall.com
61.152.169.246 www.nze21.com
61.152.169.246 www.puma163.com
61.152.169.246 www.hyap98.com
61.152.169.246 www.51liulan.cn
61.152.169.246 s.gcuj.com
61.152.169.246 long.down988.cn
61.152.169.246 x.vvcyin.com
61.152.169.246 w.vvcyin.com
61.152.169.246 cc.wzxqy.com
61.152.169.246 ip.315hack.com
61.152.169.246 ip.54liumang.com
61.152.169.246 www.41ip.com
61.152.169.246 xulao.com
61.152.169.246 www.xulao.com
61.152.169.246 www.heixiou.com
61.152.169.246 www.9cyy.com
61.152.169.246 adnx.yygou.cn
61.152.169.246 www1.cw988.cn
61.152.169.246 www2.cw988.cn
61.152.169.246 www.asdwc.com
61.152.169.246 ceoww.com
61.152.169.246 boolom.com
61.152.169.246 www.boolom.com
61.152.169.246 www.tellumore.com
61.152.169.246 www.o1wg.com
61.152.169.246 www.qq756.com
61.152.169.246 ll.chinasese.net
61.152.169.246 www.cnwangmeng.cn
61.152.169.246 0.82211.net
61.152.169.246 rising.whatthishome.com
61.152.169.246 www.canqiou.com
61.152.169.246 www.if56.cn
61.152.169.246 woai777.com
61.152.169.246 www.cz-kc.com
61.152.169.246 www.f1ash8.net
61.152.169.246 new.hackpp.com
61.152.169.246 ad.taoip.cn
61.152.169.246 www.game53.com
61.152.169.246 up.boolom.com
61.152.169.246 t.gcuj.com
61.152.169.246 w.zpx520.com
61.152.169.246 www.08325.cn
61.152.169.246 d.fangni.net
61.152.169.246 psxiaokan1.mei7.com
61.152.169.246 jd.54liumang.com
61.152.169.246 www.ipvip.info
61.152.169.246 www.tao168188.com
61.152.169.246 ww.qqzheng.cn
61.152.169.246 mmm.021mm8.com
61.152.169.246 www.urlad.cn
61.152.169.246 www.810810.org
61.152.169.246 my.pkgame8.com
61.152.169.246 www.chunliao.net
61.152.169.246 www.89622.com
61.152.169.246 at2.810810.org
61.152.169.246 www.qq.goto.60ad.cn
61.152.169.246 www.down988.cn
61.152.169.246 mail.8u8y.com
61.152.169.246 ad.uiiiu.com
61.152.169.246 j.56c.us
61.152.169.246 swkee.com
61.152.169.246 love.du97.cn
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
lyj888 - 2007-5-30 18:30:00
dd
newcenturymoon - 2007-5-30 18:32:00
[A6DB768 / A6DB768][Stopped/Auto Start]
<C:\WINDOWS\System32\DDFCD2C8.EXE -d><N/A>
[NT Data Provider / MouTALS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL,Export 1087><Microsoft Corporation>
[Storage Center / Trial][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\jgzyy.dll><Microsoft Corporation>
天月来了 - 2007-5-30 18:32:00
Hehe!!!!
I think that's right!!!!
Let's wait for them to take a look.
网缘绝恋 - 2007-5-30 18:33:00
Reset the HOSTS file.
天月来了 - 2007-5-30 18:35:00
阳光!!
I think there's another one among the drivers!
[gach / gachp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gachp.sys><N/A>
And the HOSTS file too.
lyj888 - 2007-5-30 18:35:00
| Quote: |
[Post by newcenturymoon] [A6DB768 / A6DB768][Stopped/Auto Start] <C:\WINDOWS\System32\DDFCD2C8.EXE -d><N/A> [NT Data Provider / MouTALS][Running/Auto Start] <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL,Export 1087><Microsoft Corporation> [Storage Center / Trial][Running/Auto Start] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\jgzyy.dll><Microsoft Corporation> ……………… |
Should these be deleted, or what should I do with them?
天月来了 - 2007-5-30 18:35:00
Heading home!!!!!!
Off work now.
lyj888 - 2007-5-30 18:37:00
| Quote: |
[Post by newcenturymoon] [A6DB768 / A6DB768][Stopped/Auto Start] <C:\WINDOWS\System32\DDFCD2C8.EXE -d><N/A> [NT Data Provider / MouTALS][Running/Auto Start] <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL,Export 1087><Microsoft Corporation> [Storage Center / Trial][Running/Auto Start] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\jgzyy.dll><Microsoft Corporation> ……………… |
I also feel these few are problematic; I just don't know whether to delete them or what to do.
lyj888 - 2007-5-30 18:38:00
| Quote: |
[Post by 天月来了] 阳光!!
I think there's another one among the drivers!
[gach / gachp][Running/Boot Start] <\SystemRoot\System32\DRIVERS\gachp.sys><N/A>
And the HOSTS file too. ……………… |
Should this be deleted?
网缘绝恋 - 2007-5-30 18:39:00
Delete it if you can; if you can't, disable it.
lyj888 - 2007-5-30 18:41:00
| Quote: |
[Post by newcenturymoon] [A6DB768 / A6DB768][Stopped/Auto Start] <C:\WINDOWS\System32\DDFCD2C8.EXE -d><N/A> [NT Data Provider / MouTALS][Running/Auto Start] <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\ASUFW.DLL,Export 1087><Microsoft Corporation> [Storage Center / Trial][Running/Auto Start] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\jgzyy.dll><Microsoft Corporation> ……………… |
Deleting these won't cause any problems, will it?
网缘绝恋 - 2007-5-30 18:41:00
[gach / gachp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gachp.sys><N/A>
Delete this driver.
Reset the HOSTS file.
I'm talking a bit too much...
newcenturymoon - 2007-5-30 18:43:00
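| Quote: |
[Post by 天月来了] 阳光!!
I think there's another one among the drivers!
[gach / gachp][Running/Boot Start] <\SystemRoot\System32\DRIVERS\gachp.sys><N/A>
And the HOSTS file too. ……………… |
I don't really dare to mess with drivers carelessly, and this kind of boot-start thing is very hard to get rid of.
As for the hosts file, there's no need to repair it. Everything it hijacks is a malicious website, so count that as the virus doing us a favor.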
lyj888 - 2007-5-30 18:43:00
But the Rising monitor on my computer keeps popping up a "virus found" window, and a restart is required before it can be deleted.
lyj888 - 2007-5-30 18:46:00
Trojan.DL.JS.Agent.lcu | 清除成功 | 2007-05-28 23:30 | 文件监控 | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2MTGQDUPavp[1].htm
Trojan.DL.JS.Agent.lcu | 清除成功 | 2007-05-28 23:30 | 文件监控 | C:\Documents and Settings\Administrator\桌面Microsoft.com
Trojan.DL.Agent.JS.aa | 清除成功 | 2007-05-28 23:39 | 文件监控 | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BW0QB9TK2[1].htm
Trojan.DL.Agent.JS.aa | 跳过脚本 | 2007-05-28 23:39 | 网页/脚本监控 | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp290834167152.tmp
Win32.KLdown.b | 清除成功 | 2007-05-29 12:40 | 文件监控 | C:\HEROSOFT\Hero3000STHSVCD.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:36 | 文件监控 | C:\WINDOWS\system32\dllcachefpcount.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:37 | 文件监控 | C:\WINDOWS\system32\dllcacheadmin.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:37 | 文件监控 | C:\WINDOWS\system32\dllcacheicwrmind.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:37 | 文件监控 | C:\WINDOWS\system32\dllcacheicwtutor.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:41 | 文件监控 | C:\WINDOWS\system32\dllcachedlimport.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:41 | 文件监控 | C:\WINDOWS\system32\dllcacheimegen.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:42 | 文件监控 | C:\WINDOWS\system32\dllcachedialer.exe
Win32.KLdown.b | 清除成功 | 2007-05-29 18:45 | 文件监控 | C:\WINDOWS\system32\dllcachecplexe.exe
Trojan.DL.Mnless.agd | 重新启动计算机后删除文件 | 2007-05-29 19:01 | 文件监控 | C:\WINDOWS\system32\wbemselfnull.exe
Trojan.DL.Mnless.agd | 重新启动计算机后删除文件 | 2007-05-29 19:43 | 文件监控 | C:\WINDOWS\system32selfnull.exe
Trojan.DL.QQHelper.fly | 重新启动计算机后删除文件 | 2007-05-29 20:02 | 文件监控 | C:\WINDOWS\SYSTEM32\WBEMASUFW.DLL
Trojan.DL.QQHelper.fly | 重新启动计算机后删除文件 | 2007-05-29 20:02 | 文件监控 | C:\WINDOWS\SYSTEM32\WBEMASUFW.DLL
Trojan.DL.QQHelper.fly | 重新启动计算机后删除文件 | 2007-05-29 20:02 | 文件监控 | C:\WINDOWS\SYSTEM32\WBEMASUFW.DLL
Trojan.DL.Inject.abm | 重新启动计算机后删除文件 | 2007-05-29 20:03 | 文件监控 | C:\WINDOWS\SYSTEM32\DRIVERSGACHP.SYS
Trojan.DL.QQHelper.fly | 重新启动计算机后删除文件 | 2007-05-29 20:19 | 文件监控 | C:\WINDOWS\system32\wbemasufw.dll
Trojan.DL.Inject.abm | 重新启动计算机后删除文件 | 2007-05-30 18:29 | 文件监控 | C:\WINDOWS\system32\driversgachp.sys
网缘绝恋 - 2007-5-30 18:46:00
lyj888 - 2007-5-30 18:48:00
These are still there after I restarted. It keeps popping up "virus found", as if they can never be fully removed.
火影忍者 - 2007-5-30 18:50:00
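Because driver entries are random... even if a Baidu search comes up empty... that doesn't necessarily mean it's a problem..
阳光 won't touch it unless it's confirmed to be a problem.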
lyj888 - 2007-5-30 18:57:00
Thank you, everyone.
天月来了 - 2007-5-30 20:31:00
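For me, as long as I haven't found too much unknown software installed on the system, when I run into these I always suggest backing up the registry, backing up the files, and then chopping them out.
Hehe!!!!!!!!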