瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求助:各位大虾,我中了dropper.agent.bfj,不能干净地去除,怎么办?谢谢

1   1  /  1  页   跳转

求助:各位大虾,我中了dropper.agent.bfj,不能干净地去除,怎么办?谢谢

收藏
cullue
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2006-03-15
  • 来自:
发表于: 2006-04-07 11:05 | 只看楼主 短消息 资料
字号: 1楼

求助:各位大虾,我中了dropper.agent.bfj,不能干净地去除,怎么办?谢谢

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      10:36:52, 日期 2006-4-7
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Lemontree\WinpopupX\WinpopupX.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\MIX\Backup\AntiVirus\Tools\HijackThis\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200638_8868.dll
O2 - BHO: MSN 搜索工具栏 Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - IE工具栏增项: MSN 搜索工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] rem C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - 启动项HKLM\\Run: [IntelWireless] rem C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [Dell QuickSet] rem C:\Program Files\Dell\QuickSet\quickset.exe
O4 - 启动项HKLM\\Run: [PCMService] rem "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - 启动项HKLM\\Run: [DVDLauncher] rem "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - 启动项HKLM\\Run: [IMSCMig] rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [YDTMain.exe] rem C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [qcsszjcz] rem C:\WINDOWS\system32\qcssbl9.exe
O4 - 启动项HKLM\\Run: [iTunesHelper] rem "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [sysupate] rem C:\WINDOWS\system32\NtSysUpdate.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Shortcut to WinpopupX.lnk = E:\Program Files\Lemontree\WinpopupX\WinpopupX.exe
O8 - IE右键菜单中的新增项目: MSN 搜索(&M) - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll/search.htm
O8 - IE右键菜单中的新增项目: 在新的前台选项卡中打开 - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/230?6432e628bef04c2ea5865f4d7635d4b
O8 - IE右键菜单中的新增项目: 在新的后台选项卡中打开 - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/229?6432e628bef04c2ea5865f4d7635d4b
O11 - Options group: [!CNS]  3721Assistant - Addressbar Search
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ebz-sh.cn
O17 - HKLM\Software\..\Telephony: DomainName = ebz-sh.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C7A4BF9-1124-4CCD-9AB5-82CFB8BC1BE4}: NameServer = 192.168.121.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ebz-sh.cn
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C7A4BF9-1124-4CCD-9AB5-82CFB8BC1BE4}: NameServer = 192.168.121.150
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - NT 服务: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
O23 - NT 服务: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

最后编辑2006-04-09 09:27:56
分享到:
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2006-04-07 12:20 | 短消息 资料
字号: 2楼

【回复“cullue”的帖子】
修复
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200638_8868.dll
O4 - 启动项HKLM\\Run: [YDTMain.exe] rem C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [qcsszjcz] rem C:\WINDOWS\system32\qcssbl9.exe
O4 - 启动项HKLM\\Run: [sysupate] rem C:\WINDOWS\system32\NtSysUpdate.exe

卸载
C:\Program Files\YDT\

删除
C:\Program Files\YDT\
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200638_8868.dll
C:\WINDOWS\system32\qcssbl9.exe
C:\WINDOWS\system32\NtSysUpdate.exe


===========
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
这是什么程序
请楼主确认一下
gototop
 
cullue
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2006-03-15
  • 来自:
发表于: 2006-04-09 09:27 | 只看楼主 短消息 资料
字号: 3楼

非常感谢 不言放弃 的细心、耐心与热情,谢谢。
至于NCLAUNCH.EXE,呵呵我也不知道了,没有找到任何相关信息,
可能以前删除了。。。
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT