ksdb11732126 2008-10-14 18:02
Why can't win32.troj.SysjunK2.ak.15936 be removed? Can anyone help?
win32.troj.SysjunK2.ak.15936 and win32.Hack.RootKit.xd.49152 are trojans detected by Kingsoft AntiVirus (金山毒霸), but it can't remove them. Could an expert please advise?
ksdb11732126 2008-10-14 18:23
Report
=============================================================
金山清理专家系统诊断报告
该诊断报告由金山清理专家提供 http://www.duba.net
==============================================================
诊断时间: 2008-10-14, 18:21
诊断平台: Windows Vista [6.0.6001] Service Pack 1
IE版本: Internet Explorer V7.0.18000.6001
计算机物理内存: 2046(MB)
当前可用内存: 822(MB)
硬盘总大小: 131(GB)
硬盘可用空间: 95(GB)
清理专家版本: 2008.07.16.472
恶意软件库版本: 2008.08.06.1
漏洞库版本: 2008.09.02.1
==============================================================
常规启动项
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Unattend0000000001{05ADE364-9E15-4DB1-9C53-3D8681E83E4C}] <C:\Windows\test.bat>
[lenovostudyhelp] < >
==============================================================
启动文件夹位置
==============================================================
Common Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Startup: C:\Users\q\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Common Startup: %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
==============================================================
Host File
==============================================================
127.0.0.1 localhost
::1 localhost
==============================================================
系统服务
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds
[StartupPrograms] [已启用] <rdpclip>
==============================================================
驱动程序
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[blbdrive] [已禁用] <\SystemRoot\system32\drivers\blbdrive.sys>
[IpInIp] [已启用] <system32\DRIVERS\ipinip.sys>
[NwlnkFlt] [已启用] <system32\DRIVERS\nwlnkflt.sys>
[NwlnkFwd] [已启用] <system32\DRIVERS\nwlnkfwd.sys>
==============================================================
BHO
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <F:\最终幻想\QQIEHelper02.dll>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <H:\游戏\jii\WebThunderBHO_Now.dll>
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll>
[{F79B2338-A6E7-46D4-9202-422AA6E74F43}]
{F79B2338-A6E7-46D4-9202-422AA6E74F43} <C:\Windows\EagleFlt.dll>
==============================================================
当前进程
==============================================================
名称: zhengtu.dav [已启用]
命令行: F:\征途\data\zhengtu.dav 3301926676_2512359353 222.73.225.223:222.73.234.103:222.73.234.114 7000:7000:7000 900 1
文件路径: F:\征途\data\zhengtu.dav [分析中] (上海征途网络科技有限公司)
模块文件: C:\Windows\system32\ntdll.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\kernel32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\user32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\GDI32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\ADVAPI32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\ShimEng.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\apphelp.dll (Microsoft Corporation)
模块文件: C:\Windows\AppPatch\AcGenral.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\SHLWAPI.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\msvcrt.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\UxTheme.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WINMM.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\ole32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\OLEACC.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\NETAPI32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\PSAPI.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\MSACM32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\VERSION.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\sfc.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\sfc_os.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\SETUPAPI.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\USERENV.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\Secur32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\dwmapi.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\urlmon.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\iertutil.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\MPR.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\IMM32.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\MSCTF.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\LPK.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\USP10.dll (Microsoft Corporation)
模块文件: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WININET.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\Normaliz.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WS2_32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\NSI.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\comdlg32.dll (Microsoft Corporation)
模块文件: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\COMCTL32.dll (Microsoft Corporation)
模块文件: F:\征途\data\d3d8.dll
模块文件: C:\Windows\system32\d3d8.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\d3d8thk.dll (Microsoft Corporation)
模块文件: F:\征途\data\fmodex.dll (Firelight Technologies)
模块文件: C:\Windows\system32\WSOCK32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\iphlpapi.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\dhcpcsvc.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\DNSAPI.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WINNSI.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\dhcpcsvc6.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\IconCodecService.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WindowsCodecs.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\nvd3dum.dll (NVidia Corporation)
模块文件: C:\Windows\system32\mswsock.dll (Microsoft Corporation)
模块文件: C:\Windows\System32\wshtcpip.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\dsound.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\POWRPROF.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\CLBCatQ.DLL (Microsoft Corporation)
模块文件: C:\Windows\System32\MMDevApi.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\WINTRUST.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\CRYPT32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\MSASN1.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\imagehlp.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\AUDIOSES.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\audioeng.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\AVRT.dll (Microsoft Corporation)
模块文件: F:\征途\data\LGVideoRender.dll
模块文件: C:\Windows\system32\JPWB.IME (常诚研制)
模块文件: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCTIP.DLL (Microsoft Corporation)
模块文件: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1434_none_d08b6002442c891f\MSVCR80.dll (Microsoft Corporation)
模块文件: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1434_none_d08b6002442c891f\MSVCP80.dll (Microsoft Corporation)
模块文件: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL (Microsoft Corporation)
模块文件: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL (Microsoft Corporation)
模块文件: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL (Microsoft Corporation)
模块文件: C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\MSCAND20.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\MSIMG32.dll (Microsoft Corporation)
模块文件: C:\Windows\system32\mlang.dll (Microsoft Corporation)
模块文件: C:\Windows\SYSTEM32\ime\IMESC5\IMSCTIP.DLL (Microsoft Corporation)
模块文件: C:\Windows\system32\ime\shared\imetip.dll (Microsoft Corporation)
模块文件: C:\Windows\SYSTEM32\ime\IMESC5\IMSCCORE.DLL (Microsoft Corporation)
模块文件: C:\Windows\SYSTEM32\ime\IMESC5\IMSCCFG.DLL (Microsoft Corporation)
模块文件: C:\Program Files\Windows NT\TableTextService\TableTextService.dll (Microsoft Corporation)
ksdb11732126 2008-10-14 18:30
Paths
c:\Users\q\AppData\Local\Microsoft\windows\Temporary Internet Files\Con...\temp1.dat and c:\Users\q\AppData\Local\Microsoft\windows\Temporary Internet Files\Con...\file14.dat
ksdb11732126 2008-10-15 19:53
Kingsoft AntiVirus can't remove win32.troj.SysjunK2.ak.15936 and win32.Hack.RootKit.xd.49152?
Both of these were detected by Kingsoft, but it can't remove them, and it's driving me crazy. Can anyone tell me how to get rid of them? Thanks!
toto 2008-10-15 19:58
Delete
C:\Windows\test.bat
Clean up the temporary files, update Kingsoft AntiVirus to the latest virus definitions, and run a full-disk scan.