瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 电脑有病毒 请帮忙看看
幻之神 - 2009-4-14 19:46:00
我用AVG查出有Trojan horse Downloader  病毒
可是用瑞星查不出来 怎么回事?
现在电脑变得很卡

麻烦帮忙看看

附件为SReng扫描日志。

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; TheWorld)

附件: SREngLOG.log
幻之神 - 2009-4-14 19:47:00
在线等
儤ㄌ - 2009-4-14 19:59:00
电脑还原下不行了
sinoer - 2009-4-14 20:01:00
安装卡卡,使用高级工具里的修复应用程序劫持项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe]
    <IFEO[AutoRun.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
    <IFEO[boxmod.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe]
    <IFEO[cross.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
    <IFEO[DrRtp.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
    <IFEO[enc98.EXE]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe]
    <IFEO[guangd.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe]
    <IFEO[SDGames.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShuiNiu.exe]
    <IFEO[ShuiNiu.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe]
    <IFEO[svch0st.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Systom.exe]
    <IFEO[Systom.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe]
    <IFEO[TNT.Exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe]
    <IFEO[TxoMoU.Exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
    <IFEO[ua80.EXE]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe]
    <IFEO[UFO.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe]
    <IFEO[XP.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><D:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
幻之神 - 2009-4-14 20:11:00
高级工具里没有修复应用程序劫持项嘛?
sinoer - 2009-4-14 20:14:00
高级工具-启动项管理--应用程序劫持项--修复
幻之神 - 2009-4-14 20:16:00
哦 找到了
谢谢
chuanshao - 2009-4-14 20:45:00
光清理映像劫持还不行,还有病毒文件呢。。

d:\windows\avtapit.dll  先将这个文件传到http://www.virustotal.com/zh-cn/ 检测下,如果有问题 也加入到下面的删除中。

1.因为你的系统是在D盘建议下载费尔木马强力清除助手删除以下文件:


d:\windows\inf\jlsqtodp.inf
d:\windows\system32\cdcd.sys
d:\windows\system32\drivers\lirsgt.sys
d:\windows\system32\drivers\geeizf.sys
d:\windows\system32\drivers\atksgt.sys

2.删除重启后使用SREng修复下面各项:

    启动项目 -- 注册表之如下项删除(如果你已经修复了映像劫持,这里就不用了):
[IFEO[auto.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[AutoRun.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[boxmod.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[cross.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[DrRtp.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[enc98.EXE]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[guangd.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[NAVSetup.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[rfwProxy.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[SDGames.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[ShuiNiu.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[sos.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[svch0st.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[Systom.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[TNT.Exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[TxoMoU.Exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[ua80.EXE]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[UFO.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[XP.exe]]    <D:\WINDOWS\system32\svchost.exe>
[IFEO[zxsweep.exe]]    <D:\WINDOWS\system32\svchost.exe>

    启动项目 -- 服务 -- Win32服务应用程序之如下项禁用:
[WbWin / WbWin]    <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\avtapit.dll> 同上,如果avtapit.dll检测出有问题,删除

    启动项目 -- 服务-- 驱动程序之如下项禁用:
[VIA SCSI MiniPort / VIASCSl]    <\SystemRoot\inf\jlsqtodp.inf>
[Cdsys / Cdsys]    <\??\D:\WINDOWS\system32\cdcd.sys>
[lirsgt / lirsgt]    <system32\DRIVERS\lirsgt.sys>
[geeiz / agrwm]    <\SystemRoot\system32\drivers\geeizf.sys>
[atksgt / atksgt]    <system32\DRIVERS\atksgt.sys>

**************以上分析报告由SREngLog分析助手提供******************
分析:chuanshao
时间:2009-4-14


下载windows清理助手清理恶意软件
http://www.arswp.com/download/arswp/arswp.rar  (升级后使用)

下载临时文件清理工具清理临时文件
http://www.dodudou.com/down/ATF-Cleaner-cn.exe
1
查看完整版本: 电脑有病毒 请帮忙看看
© 2000 - 2025 Rising Corp. Ltd.