瑞星卡卡安全论坛

病毒如下(附扫描结果)

Trojan.PSW.Win32.GameOL.owf C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.owc C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ott C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovi C:\WINDOWS\system32

Trojan.PSW.Win32.GameOL.ovp C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.ovp C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.owf C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.owf C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.ovp C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.owf C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.oys C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.oyz C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.ovp C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.owf C:\Documents and Settings\Administrator\Local Settings\Temp

Trojan.PSW.Win32.GameOL.ovp C:\Documents and Settings\Administrator\Local Settings\Temp

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

附件: SREngLOG.txt

谢谢大家帮帮我吧

删除文件
C:\WINDOWS\system32\zefdst.dll
  C:\WINDOWS\system32\rfdswc.dll
  C:\WINDOWS\system32\fsrgeb.dll
  C:\WINDOWS\system32\zgtwfx.dll
C:\WINDOWS\system32\tsd32.dll


删除启动项
<{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  [File is missing]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  [File is missing]
    <{28EB3777-3E23-4E72-8449-A992D09D24C3}><C:\WINDOWS\system32\zefdst.dll>  []
    <{C362D1C3-313C-41C8-A0C7-45458CD8D9A9}><C:\WINDOWS\system32\mghefy.dll>  [File is missing]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [File is missing]
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [File is missing]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><C:\WINDOWS\system32\wyhesm.dll>  [File is missing]
    <{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll>  []
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  [File is missing]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [File is missing]
    <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}><C:\WINDOWS\system32\tdfhex.dll>  [File is missing]
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [File is missing]
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  [File is missing]
    <{0086DD39-EB8E-4504-A085-AC8A433E34D0}><C:\WINDOWS\system32\ydggsx.dll>  [File is missing]
删除浏览器加载项
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {02496EBC-8455-48DB-B3C7-5DAC97D9F5A7} <, >
[]
  {02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <, >
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[]
  {2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
  {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} <, >
[]
  {448A5F6B-8C03-4B54-A338-F00237C508AD} <, >
]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {9030D463-4C02-4ABF-8ECC-5164760863C6} <, >
[]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >


可疑文件
自己测下http://www.virscan.org/
http://www.virustotal.com/zh-cn/
C:\WINDOWS\system32\pctspk.exe

用附件清理临时文件

附件: 临时文件清理工具.rar

楼主开机按F8进安全模式 先清理临时文件夹(优化大师、windows清理助手)然后再次杀毒
用sreng工具删除以下注册表启动项：
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  [File is missing]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  [File is missing]
    <{28EB3777-3E23-4E72-8449-A992D09D24C3}><C:\WINDOWS\system32\zefdst.dll>  []
    <{C362D1C3-313C-41C8-A0C7-45458CD8D9A9}><C:\WINDOWS\system32\mghefy.dll>  [File is missing]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [File is missing]
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [File is missing]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><C:\WINDOWS\system32\wyhesm.dll>  [File is missing]
    <{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll>  []
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  [File is missing]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [File is missing]
    <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}><C:\WINDOWS\system32\tdfhex.dll>  [File is missing]
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [File is missing]
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  [File is missing]
    <{0086DD39-EB8E-4504-A085-AC8A433E34D0}><C:\WINDOWS\system32\ydggsx.dll>  [File is missing]
用xdelbox工具删除以下文件：
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\zefdst.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\zgtwfx.dll
工具下载使用方法见我签名

好了,谢谢过二位

还有那个TEMP目录下的东东也别忘了删