很恐怖的病毒

.Rwu898 这个病毒折磨我很多天了，包括c盘格式化安装后只安装网卡驱动，立即使用更新完成的喀巴司机，金山毒霸杀毒无任何发现，重启立即染毒，所有的防火墙及杀毒软件立即无法使用，出现大量scvhost双iexplore.exe进程，以及大量无法辨认的进程： 2007-01-04,23:06:04 System Repair Engineer 2.3.13.690 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中： 所有的启动项目（包括注册表、启动文件夹、服务等） 浏览器加载项 正在运行的进程（包括进程模块信息） 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation] (KavPFW)(＂D:\杀毒软件\KAV\KPFW32.EXE＂) [Kingsoft Corporation] (wsctf.exe)(C:\WINDOWS\system32\wsctf.exe) [N/A] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (load)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (IMJPMIG8.1)(＂C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE＂ /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation] (PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation] (PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation] (KavStart)(＂D:\杀毒软件\KAV\KAVStart.exe＂ -startup) [Kingsoft Corporation] (StormCodec_Helper)(＂C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe＂ /S /opti) [N/A] (RaidTool)(C:\Program Files\VIA\RAID\raid_tool.exe) [VIA Technologies] (SoundMan)(SOUNDMAN.EXE) [(Verified)Realtek Semiconductor Corp.] (ATIPTA)(C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe) [ATI Technologies, Inc.] dngz.net

(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation] (kis)(＂D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\avp.exe＂) [Kaspersky Lab] (AVP)(＂D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\avp.exe＂) [Kaspersky Lab] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] (twin)(C:\WINDOWS\system32\twunk32.exe) [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [(Verified)Microsoft Corporation] (Userinit)(C:\WINDOWS\system32\Userinit.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (UIHost)(logonui.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] (PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Corporation] (CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Corporation] (WebCheck)(%SystemRoot%\system32\webcheck.dll) [(Verified)Microsoft Corporation] (SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] (WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] (WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] 本文来自 www.dngz.net (WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] (WinlogonNotify: klogon)(C:\WINDOWS\system32\klogon.dll) [Kaspersky Lab] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] (WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] (WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] (WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] (WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] (WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] (WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] ({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Corporation] ({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] (SCRNSAVE.EXE)(C:\WINDOWS\System32\logon.scr) [Microsoft Corporation] 启动文件夹 [Adobe Reader Speed Launch] (C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --) D:\阅读软件\ADOBER~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated])(N)

本文来自 www.dngz.net

服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] (C:\WINDOWS\system32\Ati2evxx.exe)(ATI Technologies Inc.) [ATI Smart / ATI Smart][Stopped/Auto Start] (C:\WINDOWS\system32\ati2sgag.exe)() [AVP / AVP][Stopped/Auto Start] (＂D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\avp.exe＂ -r)(Kaspersky Lab) [C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start] (C:\WINDOWS\system32\drivers\CDAC11BA.EXE)(Macrovision) [Human Interface Device Access / HidServ][Stopped/Disabled] (C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A) [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] (＂D:\杀毒软件\KAV\KPfwSvc.EXE＂)(Kingsoft Corporation) [Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start] (D:\杀毒软件\KAV\KWatch.EXE)(Kingsoft Corporation) 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] (system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.) [ati2mtag / ati2mtag][Running/Manual Start] (system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.) [CdaC15BA / CdaC15BA][Running/Auto Start] (\？\C:\WINDOWS\system32\drivers\CDAC15BA.SYS)(Macrovision Europe Ltd) [kl1 / kl1][Running/Boot Start] (\SystemRoot\system32\drivers\kl1.sys)(Kaspersky Lab) [klif / klif][Running/System Start] (\？\C:\WINDOWS\system32\drivers\klif.sys)(Kaspersky Lab) [KNetWch / KNetWch][Running/System Start] (\？\D:\杀毒软件\KAV\KNetWch.SYS)(Kingsoft Corporation) [KWatch3 / KWatch3][Running/System Start] (\？\C:\WINDOWS\system32\drivers\KWatch3.SYS)(Kingsoft Corporation) [ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start] (system32\DRIVERS\ASACPI.sys)() [Direct Parallel Link Driver / Ptilink][Running/Manual Start] ; (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(N/A) [ViaIde / ViaIde][Running/Boot Start] (\SystemRoot\system32\DRIVERS\viaide.sys)(Microsoft Corporation) [viamraid / viamraid][Running/Boot Start] (\SystemRoot\system32\DRIVERS\viamraid.sys)(VIA Technologies inc,.ltd) [NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start] (system32\DRIVERS\yk51x86.sys)(Marvell) 浏览器加载项 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\阅读软件\Adobe reader 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated) [Flash Object Class] {109B111C-371B-4267-AF19-BDEB6EDA0970} (C:\WINDOWS\Flash8.dll, Macromedia, Inc.) [CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} (D:\杀毒软件\KAV\KAVAFish.DLL, Kingsoft Corporation) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (D:\下载工具\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD) [信息检索(＆R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} (D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation) [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation) [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\阅读软件\Adobe reader 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated) [Flash Object Class] {109B111C-371B-4267-AF19-BDEB6EDA0970} (C:\WINDOWS\Flash8.dll, Macromedia, Inc.) [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation) [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A) [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} (C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation)

(www.dngz.net)版权所有

[CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} (D:\杀毒软件\KAV\KAVAFish.DLL, Kingsoft Corporation) [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (D:\下载工具\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD) [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.) [＆使用迅雷下载] (D:\下载工具\迅雷\Program\GetUrl.htm, N/A) [＆使用迅雷下载全部链接] (D:\下载工具\迅雷\Program\GetAllUrl.htm, N/A) [上传到QQ网络硬盘] (D:\聊天软件\QQ2006\AddToNetDisk.htm, N/A) [导出到 Microsoft Office Excel(＆X)] (res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A) [添加到QQ自定义面板] (D:\聊天软件\QQ2006\AddPanel.htm, N/A) [添加到QQ表情] (D:\聊天软件\QQ2006\AddEmotion.htm, N/A) [添加到卡巴] (D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\ie_banner_deny, N/A) [用QQ彩信发送该图片] (D:\聊天软件\QQ2006\SendMMS.htm, N/A) [金山毒霸反钓鱼...] (D:\杀毒软件\KAV\KAF\ShowSet.htm, N/A) 正在运行的进程 [PID: 632][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 700][\？\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 740][\？\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4116] [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299] [PID: 784][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 本文来自(www.dngz.net) [PID: 796][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 952][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1048][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1144][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\adialhk.dll] [Kaspersky Lab, 6.0.0.299] [PID: 1188][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1244][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1600][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 1736][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020] [PID: 1776][D:\杀毒软件\KAV\KPfwSvc.EXE] [Kingsoft Corporation, 2005, 9, 5, 28] [PID: 1824][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [PID: 544][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1088][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)] [PID: 1460][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 1916][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86] dngz.net您的电脑医生 [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\阅读软件\Adobe reader 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400] [D:\下载工具\迅雷\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2] [D:\阅读软件\Adobe reader 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A] [D:\杀毒软件\KAV\KAVEXT.DLL] [Kingsoft Corporation, 2005, 8, 5, 16] [PID: 1932][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 256][D:\杀毒软件\KAV\KAVStart.exe] [Kingsoft Corporation, 2006, 11, 10, 212] [D:\杀毒软件\KAV\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20] [D:\杀毒软件\KAV\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84] [D:\杀毒软件\KAV\PopSprt3.dll] [Kingsoft Corporation, 2006, 9, 26, 38] [D:\杀毒软件\KAV\KAVPassp.dll] [Kingsoft Corporation, 2006, 9, 7, 270] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 276][C:\Program Files\VIA\RAID\raid_tool.exe] [VIA Technologies, 4, 0, 6, 0] [C:\Program Files\VIA\RAID\drvInterface.dll] [VIA, 4, 0, 4, 0] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 1984][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.40] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 2012][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5155] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5155] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5155] dngz.net版权所有 [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5155] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 476][D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\avp.exe] [Kaspersky Lab, 6.0.1.411] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\prremote.dll] [Kaspersky Lab, 6.0.1.411] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 6.0.5.0] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\AVPGS.PPL] [Kaspersky Lab, 6.0.1.411] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 6.0.1.411] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]

[d:\杀毒软件\kaspersky anti-virus personal pro\pxstub.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\params.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\winreg.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\avpgui.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\nfio.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\basegui.ppl] [Kaspersky Lab, 6.0.1.411] [d:\杀毒软件\kaspersky anti-virus personal pro\thpimpl.ppl] [Kaspersky Lab, 6.0.1.411] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [d:\杀毒软件\kaspersky anti-virus personal pro\qb.ppl] [Kaspersky Lab, 6.0.1.411] [PID: 672][D:\杀毒软件\KAV\KMailMon.EXE] [Kingsoft Corporation, 2006, 12, 27, 942] [D:\杀毒软件\KAV\KAntiSpm.dll] [Kingsoft Corporation, 2006, 8, 19, 104] [D:\杀毒软件\KAV\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20] ~ [D:\杀毒软件\KAV\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7] [D:\杀毒软件\KAV\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60] [D:\杀毒软件\KAV\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [D:\杀毒软件\KAV\KAEUnpack.DAT] [Kingsoft Corp., 2006, 10, 26, 69] [D:\杀毒软件\KAV\KAConfig.DLL] [Kingsoft Corporation, 2006, 10, 30, 39] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [PID: 688][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]

[PID: 528][D:\杀毒软件\KAV\KPFW32.EXE] [Kingsoft Corporation, 2006, 12, 11, 666] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\杀毒软件\KAV\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20] [D:\杀毒软件\KAV\KAConfig.DLL] [Kingsoft Corporation, 2006, 10, 30, 39] [D:\杀毒软件\KAV\FiltList.dll] [N/A, N/A] [D:\杀毒软件\KAV\KAVPassp.DLL] [Kingsoft Corporation, 2006, 9, 7, 270] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\adialhk.dll] [Kaspersky Lab, 6.0.0.299] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [D:\杀毒软件\KAV\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72] [PID: 2160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2304][D:\阅读软件\Adobe reader 7.0\Reader\reader_sl.exe] [Adobe Systems Incorporated, 7.0.0.0] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [PID: 2032][D:\聊天软件\QQ2006\QQ.exe] [TENCENT, 0, 0, 0, 0] , [D:\聊天软件\QQ2006\QQBaseClassInDll.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\QQHelperDll.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\聊天软件\QQ2006\QQAPI.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\TIMProxy.dll] [tencent, 0, 3, 2, 4] [D:\聊天软件\QQ2006\LoginCtrl.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1] [D:\聊天软件\QQ2006\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1] [D:\聊天软件\QQ2006\QQRes.dll] [tencent, 1, 0, 0, 1] [D:\聊天软件\QQ2006\QQMainFrame.dll] [N/A, N/A] [D:\聊天软件\QQ2006\CQQApplication.dll] [N/A, N/A] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\adialhk.dll] [Kaspersky Lab, 6.0.0.299] [D:\聊天软件\QQ2006\NewSkin.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\HostingMgr.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\CameraDll.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\MailSummary.dll] [, 1, 0, 0, 1] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [D:\杀毒软件\KAV\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72] [D:\聊天软件\QQ2006\QQSpace.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A] [D:\聊天软件\QQ2006\QQGroupMng.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\GroupLive.dll] [N/A, N/A] [D:\聊天软件\QQ2006\UserDefinedHead.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\QQPlugin.dll] [N/A, N/A] [D:\聊天软件\QQ2006\QQConfigPlugin.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\QRingMng.dll] [N/A, N/A] [D:\聊天软件\QQ2006\PhoneAPI.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [D:\聊天软件\QQ2006\VPortal.dll] [, 1, 0, 0, 4] . [D:\聊天软件\QQ2006\QQSysMsgMng.dll] [N/A, N/A] [D:\聊天软件\QQ2006\QQAvatar.dll] [N/A, N/A] [D:\聊天软件\QQ2006\FlashAvatarDll.dll] [, 1, 4, 0, 1] [D:\聊天软件\QQ2006\LongConnection.dll] [tencent, 5, 0, 200, 160] [D:\聊天软件\QQ2006\QQAllInOne.dll] [N/A, N/A] [D:\聊天软件\QQ2006\SCCore.dll] [TENCENT, 2, 0, 0, 1] [D:\聊天软件\QQ2006\QQPet.dll] [, 1, 0, 0, 1] [D:\聊天软件\QQ2006\QQCustomFace.dll] [N/A, N/A] [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0] [D:\聊天软件\QQ2006\GroupConnection.dll] [Tencent, 0, 3, 3, 5] [D:\聊天软件\QQ2006\QQSceneMng.dll] [N/A, N/A] [D:\聊天软件\QQ2006\BQQApplication.dll] [N/A, N/A] [PID: 1224][D:\聊天软件\QQ2006\TIMPlatfrom.exe] [tencent, 0, 3, 1, 8] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\聊天软件\QQ2006\TIMProxy.dll] [tencent, 0, 3, 2, 4] [PID: 192][D:\聊天软件\QQ2006\qqpet\qqpet.exe] [腾讯公司, 2, 40, 102, 1] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\聊天软件\QQ2006\qqpet\QQPetResDownload.dll] [, 6, 1, 101, 55] [D:\聊天软件\QQ2006\qqpet\QQPetCommunity.dll] [, 6, 2, 101, 1] [PID: 1864][C:\Documents and Settings\Administrator\桌面\s\SREng.EXE] [Smallfrogs Studio, 2.3.13.690] [D:\杀毒软件\KAV\KMailOEBand.dll] [Kingsoft Corporation, 2006, 9, 7, 132] [D:\杀毒软件\KAV\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\adialhk.dll] [Kaspersky Lab, 6.0.0.299] [D:\杀毒软件\Kaspersky Anti-Virus Personal Pro\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [D:\杀毒软件\KAV\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72] 文件关联 . .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. [＂%1＂ %*] .COM OK. [＂%1＂ %*] .PIF OK. [＂%1＂ %*] .REG OK. [regedit.exe ＂%1＂] .BAT OK. [＂%1＂ %*] .SCR OK. [＂%1＂ /S] .CHM OK. [＂C:\WINDOWS\hh.exe＂ %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .JS OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] Winsock 提供者 N/A Autorun.inf N/A HOSTS 文件 127.0.0.1 localhost API HOOK 警告！System Repair Engineer 提醒 你下面的函数内容与预期值不符，他 们可能被一些恶意的软件所修改： RVA 错误： LoadLibraryA RVA 错误： LoadLibraryExA RVA 错误： LoadLibraryExW RVA 错误： LoadLibraryW

厉害 `````````````````学习中

启动项，注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] (twin)(C:\WINDOWS\system32\twunk32.exe) [N/A] (wsctf.exe)(C:\WINDOWS\system32\wsctf.exe) [N/A] 摆渡一下到处都有解决方法的 杀毒软件卸载一个

wsctf.exe又是这个，好像是通过U盘传播的。:L

我也中了这个毒，有没有解决方法

这种病毒用目前的杀毒软件是无法查杀的，我的方法是用强制删除软件。比如用killbox软件。第一步，在安全模式下删除以下文件：twunk32.exe（系统隐藏属性）、windhcp.ocx、windhcp.dll文件，并抑制生成，以上文件位于windows目录下的system32下；第二步，在安全模式下，删除svch0st.exe、timplatf0rm.exe、sc0nfig.exe这些文件，位于windows目录下的temp目录，并抑制生成。最好是把你的ＱＱ也一并删除然后重装，最后在组策略里把这些文件给禁止运行，重启后没了！ 本文来自 www.dngz.net 补：还有就是用regedt32文件把注册表项的HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run设为禁用。

补充一下，昨天发贴前已经作了部分处理，找到一个叫暴力杀灭天王的软件杀灭并抑制生成了twunk32.exe、wsctf.exe，SRE提示HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit正常键值应为C：\WINDOWS\System32\Userinit.exe,被改为userinit.exe,wscwsctf.exe。userinit.exe只找到一个，关键进程不敢动。修改或删除相关注册表项后重启，开机自动运行两个叫twunk32.exe、wsctf.exe的空文件夹（暴力天王的作品吧，把空文件夹隐藏为程序然后占据原程序位置？）。随即发帖，当时系统运行龟速，不能上网（被已被病毒破坏的防火墙阻碍？），SRE扫描中的QQ是为传出扫描报告所用。 发帖后卸载两个杀毒软件，IE回复正常，系统运行有所改善，CAD、FLASH等软件可以使用，运行魔兽提示DX9未找到（已安装）。 今天看到回帖后查找了svch0st.exe、timplatf0rm.exe、sc0nfig.exe、windhcp.ocx、windhcp.dll均全盘未发现（包括系统文件和隐藏文件），之前也已上网搜索了twunk32.exe、wsctf.exe，查到的类似方法都有找不到他们所提到的文件的问题，似乎是变种。。。。。。。。。。。 请哪位高手帮忙看看扫描报告吧，谢谢了，救命了。。。。。我有一个建筑设计和一个flash流媒体播放器都得交工了阿，这样做起来两三下就蓝屏阿:'(

关注中，还没看到过。。

lz厉害 关注ing

重做系统后不要装QQ.如果是QQ是在别的盘的.最好要删除.再装网卡,接着用卡吧杀一次.最好是断网来杀,记得更新卡巴.. 做完.把威金补丁打上再接网. 我也试过.但不知对你有没有用.

一样的...CAO 我也中了．．． wsctf.exe又是这个 期待．．．