瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 斑竹请进(我中了trojandownloader.qoologic.ba)

1   1  /  1  页   跳转

斑竹请进(我中了trojandownloader.qoologic.ba)

收藏
2不夜之侯
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-01-16
  • 来自:
发表于: 2006-01-16 09:54 | 显示全部 短消息 资料
字号: 1楼

斑竹请进(我中了trojandownloader.qoologic.ba)

我中了trojandownloader.qoologic.ba,用江民瑞星都清除失败,用**删了,可用查又有了。



Logfile of HijackThis v1.99.1
Scan saved at 9:51:15, on 2006-1-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KV2006\KVSrvXP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\KV2006\KVMonXP.kxp
C:\WINDOWS\System32\wuauclt.exe
E:\天网防火墙\Firewall\PFW.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\KV2006\KvXP.kxp
C:\Program Files\KV2006\TrojDie.kxp
C:\Program Files\KV2006\FrogAgent.exe
C:\Program Files\KV2006\KRegEx.exe
C:\Program Files\KV2006\UIHost.exe
E:\东莞证券\TDXW.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\ruixing\155847200541134207\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\bt下载软件\Plugins\RazaWebHook.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - D:\UCSETU~1.EXE\UC\UCddt\ddtinit.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - C:\Program Files\KV2006\kvbho.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - D:\UCSETU~1.EXE\UC\UCddt\ddtkillw.ocx
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2006\KvShell.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\网际士快斐车礬\FLASHGET\jccatch.dll (file missing)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\UCSETU~1.EXE\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: (no name) - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\Toolbar.dll (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [KvMonXP] C:\Program Files\KV2006\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\天网防火墙\Firewall\PFW.exe
O4 - HKLM\..\RunServices: [ccenter] ; C:\Program Files\rising\Rav\CCenter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KvXP] C:\Program Files\KV2006\KvXP.kxp /ScanBoot /ScanSys
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent
O8 - Extra context menu item: &使用迅雷下载 - E:\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\迅雷\getallurl.htm
O8 - Extra context menu item: Download with &Shareaza - res://D:\bt下载软件\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用影音传送带下载 - E:\影音传送带\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - E:\影音传送带\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 使用新浪下载助手下载 - D:\UCSETU~1.EXE\UC\UCddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\网际快车\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\网际快车\FLASHGET\jc_all.htm
O8 - Extra context menu item: 加入POCO网摘(&K) - http://my.poco.cn/fav/rightClick.php
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 我的POCO网摘(&O) - http://my.poco.cn/fav/open_myfav.php
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 火狐Flash保存 - C:\PROGRA~1\FLASHP~1\PlugIns\GetFlash.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\UCSetup_2005II.exe\UC\UC.exe
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\网际快车\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\网际快车\FLASHGET\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\UCSETU~1.EXE\UC\UCddt\DDTONG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\UCSETU~1.EXE\UC\UCddt\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\UCSETU~1.EXE\UC\UCddt\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - D:\UCSETU~1.EXE\UC\UCddt\rssband.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O10 - Unknown file in Winsock LSP: c:\program files\kv2006\kvsock_1.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bbsky.wuhan.net.cn/cjw/plugin/PowerPlr.ocx
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3087FF08-3E44-47B9-830C-DB4129DCF16F}: NameServer = 222.41.52.3,61.232.202.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{3087FF08-3E44-47B9-830C-DB4129DCF16F}: NameServer = 222.41.52.3,61.232.202.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{3087FF08-3E44-47B9-830C-DB4129DCF16F}: NameServer = 222.41.52.3,61.232.202.158
O17 - HKLM\System\CS3\Services\Tcpip\..\{3087FF08-3E44-47B9-830C-DB4129DCF16F}: NameServer = 222.41.52.3,61.232.202.158
O17 - HKLM\System\CS4\Services\Tcpip\..\{3087FF08-3E44-47B9-830C-DB4129DCF16F}: NameServer = 222.41.52.3,61.232.202.158
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - E:\金山毒霸\KPfwSvc.EXE (file missing)
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - E:\金山毒霸\KWatch.EXE (file missing)
O23 - Service: MPSVC Service (MPSVCService) - Micropoint Corporation - E:\**防御软件\Micropoint\MPSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe





最后编辑2006-01-16 22:27:41
分享到:
gototop
 
2不夜之侯
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-01-16
  • 来自:
发表于: 2006-01-16 09:54 | 显示全部 短消息 资料
字号: 2楼

查出病毒在病毒所在路径    e:\ruixing\瑞星升级包\网络嗅探器\winpcap_3_2alphal.exe
杀毒软件对这病毒的处理结果    清除失败



就是winpcap_3_2alphal.exe这个文件,一开机就有了,删不掉。
gototop
 
2不夜之侯
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-01-16
  • 来自:
发表于: 2006-01-16 22:23 | 显示全部 短消息 资料
字号: 3楼

斑竹怎么不来啊?
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT