
Please take a look at my log, thanks.


Logfile of HijackThis (zww Chinese localisation) v1.99.1
Scan saved at 0:36:00, on 2006-2-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\runsin\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\runsin\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
D:\runsin\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe
D:\runsin\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\runsin\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\sunlei\Thunder.exe
D:\runsin\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq資源\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 卡卡上网安全助手 (Kaka Internet Security Assistant) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
O4 - HKLM\..\Run: [LenSoft] C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe
O4 - HKLM\..\Run: [RavTask] "D:\runsin\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [zcom] C:\Program Files\zcom\zPlatform.exe MIN
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [33wo4] C:\WINDOWS\system32\33wo4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop.ini
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: desktop.ini
O8 - Extra context menu item: &Download with Thunder (迅雷) - D:\sunlei\geturl.htm
O8 - Extra context menu item: &Download all links with Thunder (迅雷) - D:\sunlei\getallurl.htm
O8 - Extra context menu item: Upload to QQ Net Disk - D:\qq資源\AddToNetDisk.htm
O8 - Extra context menu item: Add to QQ custom panel - D:\qq資源\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\qq資源\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - D:\qq資源\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq資源\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq資源\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq資源\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ 炫彩 toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq資源\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\runsin\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\runsin\Rising\Rav\Ravmond.exe

Last edited 2006-02-10 15:03:08
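Added example (not from the original thread and not part of HijackThis): a small Python triage pass over O4 and O10 lines like the ones in the log above. It shows the reasoning that singles out the [33wo4] entry while leaving the Intel, Rising, IME and Lenovo entries alone: an executable that autostarts from a system directory without being a known system component, with a short letters-and-digits name, is the entry to look at first. The allow-list of system autostart names, the "random-looking name" pattern and the sample lines are assumptions constructed for this example; the sample lines use the English tag text HijackThis 1.99 emits rather than the zww localisation.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis 1.99 log posted above,
# with the localised tags replaced by the English ones HJT emits.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "D:\runsin\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [zcom] C:\Program Files\zcom\zPlatform.exe MIN
O4 - HKLM\..\Run: [33wo4] C:\WINDOWS\system32\33wo4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
"""

# Analyst-maintained allow-list (assumption for this example): Windows/OEM
# components that legitimately autostart from %SystemRoot% or system32.
KNOWN_SYSTEM_AUTOSTART = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "soundman.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\winnt", r"c:\winnt\system32"}

# Short name mixing letters and digits, e.g. 33wo4.exe: typical of droppers
# that pick a file name at install time (heuristic, assumption).
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{3,8}\.exe$")

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run(?:Once|Services)?: "
                   r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$", re.I)


@dataclass
class Finding:
    tag: str
    name: str
    path: str
    severity: str
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (executable, arguments) from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                          # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.exe)\b(.*)$", cmd, re.I)    # unquoted: stop at the first .exe
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def check_o4(name: str, cmd: str):
    exe, _args = split_command(cmd)
    exe_norm = exe.replace("/", "\\").lower()
    directory, _, base = exe_norm.rpartition("\\")
    reasons = []
    if not directory:
        reasons.append("bare file name, located via PATH search at logon")
    elif directory in SYSTEM_DIRS and base not in KNOWN_SYSTEM_AUTOSTART:
        reasons.append("autostarts from a system directory but is not on the allow-list")
    if RANDOM_NAME.match(base):
        reasons.append("random-looking file name")
    if not reasons:
        return None
    severity = "high" if directory in SYSTEM_DIRS or RANDOM_NAME.match(base) else "medium"
    return Finding("O4", name, exe, severity, reasons)


def triage(log_text: str):
    """Walk a HijackThis log and return the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            f = check_o4(m["name"], m["cmd"])
            if f:
                findings.append(f)
        elif (m := O10_RE.match(line)):
            # An LSP HJT cannot attribute must be identified before any fix:
            # removing an LSP entry carelessly breaks Winsock for every program.
            findings.append(Finding("O10", "LSP", m["path"], "review",
                                    ["unrecognised Winsock LSP; identify the vendor before touching it"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.tag} {f.name}: {f.path} <- {'; '.join(f.reasons)}")
```

Running it prints one line per finding. The O10 entry comes out as "review" rather than "high" on purpose: HijackThis only says it could not attribute the LSP, and deleting a Winsock provider that turns out to be legitimate leaves the machine without working networking, so an unknown LSP is identified (here the CNNIC cdnns.dll) rather than fixed on sight.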

[Reply to the post by 弦斷有誰聽]



Please scan the following file with the two multi-engine scanners below:
C:\WINDOWS\system32\33wo4.exe
Multi-engine scan, VirusTotal:

http://www.virustotal.com/
Multi-engine scan, Jotti:

http://virusscan.jotti.org/


Be sure to paste the complete report.

This is a report processed by VirusTotal on 02/10/2006 at 03:47:45 (CET) after scanning the file "33wo4.exe".
Antivirus Version Update Result
AntiVir 6.33.0.81 02.09.2006 BDS/VB.aqo
Avast 4.6.695.0 02.09.2006 no virus found
AVG 718 02.09.2006 no virus found
Avira 6.33.0.81 02.09.2006 BDS/VB.aqo
BitDefender 7.2 02.10.2006 no virus found
CAT-QuickHeal 8.00 02.09.2006 Backdoor.VB.aqo
ClamAV devel-20060126 02.09.2006 no virus found
DrWeb 4.33 02.09.2006 Trojan.Click.892
eTrust-InoculateIT 23.71.72 02.09.2006 no virus found
eTrust-Vet 12.4.2072 02.09.2006 no virus found
Ewido 3.5 02.09.2006 Backdoor.VB.aqo
Fortinet 2.54.0.0 02.10.2006 W32/VB.AQO-bdr
F-Prot 3.16c 02.09.2006 no virus found
Ikarus 0.2.59.0 02.09.2006 IRC-Worm.Win32.VB.D
Kaspersky 4.0.2.24 02.10.2006 Backdoor.Win32.VB.aqo
McAfee 4693 02.09.2006 no virus found
NOD32v2 1.1402 02.09.2006 a variant of Win32/TrojanClicker.VB.GG
Norman 5.70.10 02.09.2006 no virus found
Panda 9.0.0.4 02.09.2006 Suspicious file
Sophos 4.02.0 02.09.2006 no virus found
Symantec 8.0 02.10.2006 no virus found
TheHacker 5.9.4.093 02.08.2006 no virus found
UNA 1.83 02.09.2006 Backdoor.VB
VBA32 3.10.5 02.09.2006 Backdoor.Win32.VB.aqo



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Jotti's malware scan 2.99-TRANSITION_TO_3.00


File: 33wo4.exe
Status: INFECTED/MALWARE
MD5: d398e03776869af8ea6df7dd31bedde8
Packers detected: UPX
Scanner results 
AntiVir  Found Backdoor-Server/VB.aqo backdoor 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found Trojan.Click.892 
F-Prot Antivirus  Found nothing
Fortinet  Found W32/VB.AQO-bdr 
Kaspersky Anti-Virus  Found Backdoor.Win32.VB.aqo 
NOD32  Found a variant of Win32/TrojanClicker.VB.GG 
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found Backdoor.Win32.VB.aqo 
 
Disclaimer 
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware that, in spite of efforts to proactively counter them, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. If you do not want your files to be distributed, please do not send them at all.


Fix this entry in Safe Mode:
O4 - HKLM\..\Run: [33wo4] C:\WINDOWS\system32\33wo4.exe
then delete
C:\WINDOWS\system32\33wo4.exe
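Added example (not part of the helper's instructions and not a tool from the thread): a Python version of the removal step that refuses to touch anything unless the file on disk has exactly the MD5 Jotti reported (d398e03776869af8ea6df7dd31bedde8), moves the file into a quarantine directory instead of deleting it, and only then removes the HKLM Run value. The quarantine directory, the UPX section-name heuristic and the stand-in sample written by demo() are assumptions made for this example; demo() never touches the registry and works on any OS, while clean_host() needs Windows (winreg) and is meant to be run from Safe Mode, as the helper says, so the backdoor is not resident and cannot re-create its Run value.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

try:
    import winreg                      # Windows only; the hash and quarantine logic does not need it
except ImportError:
    winreg = None

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# MD5 Jotti reported for the uploaded 33wo4.exe (taken from the report in the thread).
REPORTED_MD5 = "d398e03776869af8ea6df7dd31bedde8"


def md5_of(path) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_upx_packed(path) -> bool:
    """Heuristic (assumption) matching Jotti's 'Packers detected: UPX': UPX leaves
    section names UPX0/UPX1 in the PE section table, which sits in the first few KB."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    return head.startswith(b"MZ") and (b"UPX0" in head or b"UPX1" in head)


def quarantine(path, expected_md5: str, quarantine_dir) -> dict:
    """Move the file aside only if it is byte-for-byte the sample the scanners saw.
    Moving rather than deleting keeps the sample for vendor submission and makes a
    false positive reversible."""
    path = Path(path)
    if not path.exists():
        return {"status": "missing"}
    actual = md5_of(path)
    if actual != expected_md5.lower():
        return {"status": "hash-mismatch", "md5": actual}
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / f"{path.name}.{actual}.quarantined"   # loses the .exe extension so it cannot run
    shutil.move(str(path), str(dest))
    return {"status": "quarantined", "md5": actual, "dest": str(dest)}


def remove_run_value(name: str) -> bool:
    """Delete the HKLM\\..\\Run value that relaunches the file at logon. Windows only."""
    if winreg is None:
        return False
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY, 0, winreg.KEY_SET_VALUE) as key:
            winreg.DeleteValue(key, name)
        return True
    except FileNotFoundError:          # value already gone
        return False


def clean_host(sample=r"C:\WINDOWS\system32\33wo4.exe", value_name="33wo4",
               qdir=r"C:\quarantine") -> dict:
    """The real sequence, to be run from Safe Mode. The Run value is removed only
    after the hash check passed, so a different file under the same name is never
    silently unregistered. qdir is an assumed location."""
    result = quarantine(sample, REPORTED_MD5, qdir)
    if result["status"] == "quarantined":
        result["run_value_removed"] = remove_run_value(value_name)
    return result


def demo() -> dict:
    """Offline run against a constructed stand-in (NOT the real 33wo4.exe): an MZ
    stub carrying UPX-style section names. Touches only a temporary directory."""
    tmp = Path(tempfile.mkdtemp())
    sample = tmp / "33wo4.exe"
    sample.write_bytes(b"MZ" + b"\0" * 62 + b"PE\0\0" + b"\0" * 20
                       + b"UPX0" + b"\0" * 36 + b"UPX1" + b"\0" * 64)
    stand_in_md5 = md5_of(sample)
    results = {"packed": is_upx_packed(sample),
               # the stand-in is not the real sample, so the reported hash must be refused
               "reported_hash": quarantine(sample, REPORTED_MD5, tmp / "q"),
               "still_present": sample.exists(),
               "matching_hash": quarantine(sample, stand_in_md5, tmp / "q"),
               "gone": not sample.exists()}
    shutil.rmtree(tmp)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Quarantining instead of deleting is the design choice worth noting: the verdict above is split (roughly half of the VirusTotal engines and a handful at Jotti detect it, the rest do not), so keeping the exact bytes lets the file be submitted to the vendor that missed it and restored if the detections turn out to be wrong.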