瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 高手救我~中了Backdoor.win32病毒,咋删删不掉
cfanc - 2009-7-5 9:36:00
本人电脑装vista操作系统,最近用瑞星查出c盘中windos\system32\中有两个文件木马病毒luujq.sys 和 moTfK.dll。 瑞星说是Backdoor.win32.Koutodoor.fo。.病毒删不掉,文件也无法删除,用木马清道夫和360safe也删不掉,在安全模式下用瑞星和木马清道夫都删不掉 我现在郁闷之极,请教各位高手,这俩病毒是什么病毒,有危险性么,应该怎样才能彻底清除他们,别给我说重装系统,为了俩病毒不值得,要详细清除办法,在此先谢谢了

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; SaaYaa)
天月来了 - 2009-7-5 9:54:00
用SRENG工具扫描系统日志发这论坛来

点击下载:SRENG工具  (内附说明)(右键选择“目标另存为”下载)本链接不支持迅雷等下载工具下载


建议日志文件以附件形式发来
点击我这贴右下角的“引用”,然后就应该知道怎么发了。
cfanc - 2009-7-5 10:04:00
[CODE]

2009-07-05,10:05:07

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Antispy ARP><C:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [Kingsoft Corporation]
    <瑞星个人防火墙><C:\Users\Public\Desktop\瑞星个人防火墙.lnk>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Windows木马防火墙><D:\安装程序Programs\木马清道夫\Trojanwall.exe>  [风云谷科技]
    <Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
    <RtHDVCpl><RtHDVCpl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PCMService><"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe">  [CyberLink Corp.]
    <NvSvc><RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <LogitechQuickCamRibbon><"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide>  [(Verified)Logitech Inc]
    <EzButton><C:\PROGRA~1\EzButton\EzButton.EXE>  [Dritek System Inc.]
    <EnergyUtility><C:\Program Files\Lenovo\EnergyCut\utilty.exe>  [TODO: <Company name>]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Thunder><D:\安装程序Programs\迅雷\Program\Thunder.exe -s>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <360sd><D:\安装程序Programs\360sd\360sdrun.exe>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <THGuard><"D:\安装程序Programs\TrojanHunter 5.1\THGuard.exe">  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player 5.2><rundll32.exe advpack.dll,LaunchINFSection C:\Windows\INF\mswmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\Windows\system32\scrnsave.scr>  [(Verified)Microsoft Windows]
cfanc - 2009-7-5 10:04:00
启动文件夹
N/A

==================================
服务
[360rp / 360rp][Running/Auto Start]
  <D:\安装程序Programs\360sd\360rp.exe><360安全中心>
[Agere Modem Call Progress Audio / AgereModemAudio][Running/Auto Start]
  <C:\Windows\system32\agrsmsvc.exe><Agere Systems>
[Update For Windows / Autoupdate][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\Autoupdate.dll><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\安装程序Programs\暴风影音\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Kingsoft Basic Service / kaccore][Running/Auto Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Process Monitor / LVPrcSrv][Running/Auto Start]
  <"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"><Logitech Inc.>
[LVSrvLauncher / LVSrvLauncher][Stopped/Auto Start]
  <C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe><Logitech Inc.>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rfw\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
  <"C:\Program Files\Rising\Rfw\RavTask.exe" RfwTask><Beijing Rising Information Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Vista Scanner / RsVScanner][Running/Auto Start]
  <C:\Program Files\Rising\Rav\scannerd.exe><Beijing Rising Technology Co., Ltd.>
[BitDefender Threat Scanner / scan][Stopped/Manual Start]
  <C:\Windows\System32\svchost.exe -k bdx-->D:\安装程序Programs\360sd\scan.dll><S.C. BitDefender S.R.L>
[Broadcom Wireless LAN Tray Service / wltrysvc][Running/Auto Start]
  <C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe><N/A>

==================================
驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom Extensible 802.11 网络适配器驱动程序 / BCM43XV][Stopped/Manual Start]
  <system32\DRIVERS\bcmwl6.sys><Broadcom Corporation>
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl6.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[bdfsfltr / bdfsfltr][Stopped/Manual Start]
  <system32\DRIVERS\bdfsfltr.sys><BitDefender S.R.L. Bucharest, ROMANIA>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Dritek General Port I/O / DritekPortIO][Running/System Start]
  <\??\C:\PROGRA~1\EzButton\DPortIO.sys><Dritek System Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\Windows\system32\drivers\EagleNT.sys><N/A>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
  <System32\Drivers\FTCkillfile.sys><风云谷科技>
[FTCProtect / FTCProtect][Stopped/Manual Start]
  <System32\Drivers\FTCProtect.sys><风云谷科技>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[LVBulk Service / LVBulk][Stopped/Manual Start]
  <system32\DRIVERS\LVBulk.sys><Logitech Inc.>
[Logitech AEC Driver / LVcKap][Stopped/Manual Start]
  <system32\DRIVERS\LVcKap.sys><Logitech Inc.>
[Logitech Machine Vision Engine Loader / LVMVDrv][Stopped/Manual Start]
  <system32\DRIVERS\LVMVDrv.sys><Logitech Inc.>
[Logitech LVPr2Mon Driver / LVPr2Mon][Running/Manual Start]
  <system32\DRIVERS\LVPr2Mon.sys><>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\Windows\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Windows\system32\npkycryp.sys><N/A>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[Logitech ClickSmart 310(PID_0900_V) / PID_0900_V][Stopped/Manual Start]
  <system32\DRIVERS\LV551AV.sys><Logitech Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[R300 / R300][Stopped/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[Rising RfwBase Driver / RfwBase9][Running/System Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rimmptsk / rimmptsk][Running/Auto Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Auto Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Running/System Start]
  <system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100 NIC 系列 NDIS x86 驱动程序 / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[tcphoc / tcphoc][Stopped/Manual Start]
  <\??\D:\安装程序Programs\迅雷\Program\tcphoc.sys><N/A>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
  <\??\C:\Windows\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\Windows\system32\TesSafe.sys><TENCENT>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[xikjie / xikjie][Running/Boot Start]
  <\SystemRoot\system32\drivers\luujq.sys><N/A>
cfanc - 2009-7-5 10:05:00
浏览器加载项
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装程序Programs\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0EBB275B-CEDB-4EF3-8E30-47B1B2631700} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\安装程序Programs\迅雷\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\ProgramData\Thunder Network\KanKan\xplayer.dll_1_work, Thunder Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\ProgramData\Thunder Network\KanKan\xdrm.dll_1_work, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\Windows\system32\INPUTC~1.DLL, >
[]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装程序Programs\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\Windows\system32\SUBMIT~1.DLL, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5903.182.(635).dll, (Signed) 深圳市迅雷网络技术有限公司>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.20.(636).dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5903.182.(635).dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[]
  {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed)  Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.59010.253.(635).dll, (Signed) 深圳市迅雷网络技术有限公司>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {FFFFEECE-FF18-8222-2FB0-2935B9EA0830} <, >
[使用迅雷下载]
  <D:\安装程序Programs\迅雷\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\安装程序Programs\迅雷\Program\GetAllUrl.htm, N/A>
cfanc - 2009-7-5 10:06:00
版主救我 啊啊啊啊啊啊:kaka3: :kaka3: :kaka3:
aaccbbdd - 2009-7-5 10:08:00
日志放入附件
(点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。)
cfanc - 2009-7-5 10:16:00


引用:
原帖由 aaccbbdd 于 2009-7-5 10:08:00 发表
日志放入附件
(点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。)

附件: SREngLOG.log (2009-7-5 10:15:36, 74.71 K)
该附件被下载次数 255

cfanc - 2009-7-5 10:21:00
诸位救救我哦啊啊啊啊:kaka4: :kaka4: :kaka4: :kaka4: :kaka4: :kaka4: :kaka4:
aaccbbdd - 2009-7-5 10:21:00
1.建议使用XDelBox(Xdelbox解压后运行)删除以下文件:(XDelBox1.8下载)
使用说明:(先勾选抑制再生)删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。

c:\windows\system32\autoupdate.dll
c:\windows\system32\drivers\luujq.sys

2.删除重启后使用SREng修复下面各项:

    启动项目 -- 服务 -- Win32服务应用程序之如下项禁用:
[Update For Windows / Autoupdate]    <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\Autoupdate.dll>

    启动项目 -- 服务-- 驱动程序之如下项禁用:
[xikjie / xikjie]    <\SystemRoot\system32\drivers\luujq.sys>

**************以上分析报告由SREngLog分析助手提供******************
分析:小狮子
时间:2009-7-5
SREngLog分析助手 1.4 BY 草莽书生 (20090209 更新 BY 小金)


此外
启动项过多....
1
查看完整版本: 高手救我~中了Backdoor.win32病毒,咋删删不掉
© 2000 - 2025 Rising Corp. Ltd.