I have no idea what this thing is. Today Rising killed 38 viruses but still couldn't remove it. Specifically: with IE not open at all, the process list keeps spawning lots of IEXPLORE processes plus other oddly named processes (the kind that look abnormal at a glance), eating a lot of memory and CPU.
On my work computer, the system had been carefully maintained for two and a half years without a reinstall, with a lot of stuff accumulated on it. This damned virus corrupted files after a reboot, so I had to reinstall the system and lost a lot of data. That machine has just been reinstalled, and since I haven't installed a firewall yet I haven't dared to put it on the network.
I rushed home leaving the sick machine behind (work is dozens of kilometres away), and, ugh, never expected the home machine to be infected with the same virus. I could cry. I hate it!!! Two and a half years of work ruined by this thing!
PS: Apart from playing some games and visiting a few legitimate sites, the work computer never went to unfamiliar web pages. It was fine a few days ago; I got back to work, turned on the computer and it was infected within minutes. Strange.
Below is the log I exported with Kaka.
^ Kaka? The one from Hanlin?
Logfile of Kaka v2.0.0.9 Scan Module v2.0.0.1
Scan saved at 20:28:09, on 2006-11-10
Platform: Microsoft Windows XP Professional (Build 2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000 (xpclient.010817-1148))
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe
[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService
[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE
[svhost32.exe]
CommandLine = "C:\WINDOWS\Download\svhost32.exe"
[Update.exe]
CommandLine = "C:\Program Files\Common Files\System\Update.exe"
[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe
[nvsvc32.exe]
CommandLine = C:\WINDOWS\System32\nvsvc32.exe
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k imgsvc
[wdfmgr.exe]
CommandLine = C:\WINDOWS\System32\wdfmgr.exe
[ctfmon.exe]
CommandLine = ctfmon.exe
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"
[Thunder5.exe]
CommandLine = "D:\Thunder Network\Thunder\Program\Thunder5.exe" /222.213.73.58home-6tfia4ygl17EB
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,default_page_url=http://www.kan3721.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.kan3721.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.kan3721.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.kan3721.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,default_page_url=http://www.kan3721.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.kan3721.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.kan3721.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.kan3721.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.kan3721.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 gaodumm.com
O1 - Hosts: 127.0.0.1 www.gaodumm.com
O1 - Hosts: 127.0.0.1 www.djdj110.com
O1 - Hosts: 127.0.0.1 djdj110.com
O1 - Hosts: 127.0.0.1 www.boda66.com
O1 - Hosts: 127.0.0.1 boda66.com
O1 - Hosts: 127.0.0.1 gaodumm.com
O1 - Hosts: 127.0.0.1 www.gaodumm.com
O1 - Hosts: 127.0.0.1 www.djdj110.com
O1 - Hosts: 127.0.0.1 djdj110.com
O1 - Hosts: 127.0.0.1 www.boda66.com
O1 - Hosts: 127.0.0.1 boda66.com
O1 - Hosts: 127.0.0.1 gaodumm.com
O1 - Hosts: 127.0.0.1 www.gaodumm.com
O1 - Hosts: 127.0.0.1 www.djdj110.com
O1 - Hosts: 127.0.0.1 djdj110.com
O1 - Hosts: 127.0.0.1 www.boda66.com
O1 - Hosts: 127.0.0.1 boda66.com
O1 - Hosts: 127.0.0.1 gaodumm.com
O1 - Hosts: 127.0.0.1 www.gaodumm.com
O1 - Hosts: 127.0.0.1 www.djdj110.com
O1 - Hosts: 127.0.0.1 djdj110.com
O1 - Hosts: 127.0.0.1 www.boda66.com
O1 - Hosts: 127.0.0.1 boda66.com
O2 - BHO: - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (file missing)
O2 - BHO: (file missing)
O3 - Toolbar: Radio(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kaka Online Security Assistant - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [ANetFox ADClean] "D:\Windows 流氓软件清理大师\clean.exe" /autokill:148,86,48
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &Download with Thunder - D:\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &Download all links with Thunder - D:\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Upload to QQ Network Disk - D:\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Add to QQ custom panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this image via QQ MMS - D:\Tencent\QQ\SendMMS.htm
O9 - Extra Button: Launch Thunder - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Thunder Network\Thunder\Thunder.exe
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\QQ\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (PhotoUploadCtrl Control) - http://qz-photo.qq.com/qzone3/QzoneMediaTools.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3107B087-F480-4BB0-9065-D54373011912}: NameServer = 218.6.200.139 61.139.2.69
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui
O23 - Service: 327ABA40 (327ABA40) - - C:\WINDOWS\System32\327aba40.exe -service
O23 - Service: Media Center Receiver Service (ehRecvr) - - C:\WINDOWS\System32\ehrecvr.exe /start
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: kavsvc (kavsvc) - - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O23 - Service: Routing Protect Access (MOVEESS) - - C:\WINDOWS\System32\rundllfromwin2000.exe c:\windows\system32\wbem\vwywnt84.dll,export 1087
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe