瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 [求救]浏览器劫持无法删除,进程每一段时间新建IEXPLORE.EXE

1   1  /  1  页   跳转

[求救]浏览器劫持无法删除,进程每一段时间新建IEXPLORE.EXE

收藏
zhuqide
头像
初生襁褓狮
  • 帖子:1
  • 注册: 2007-01-27
  • 来自:
发表于: 2007-01-27 10:49 | 只看楼主 短消息 资料
字号: 1楼

[求救]浏览器劫持无法删除,进程每一段时间新建IEXPLORE.EXE

查毒显示:
4199/9505/3448    d:\windows\system32\drivers\kv_wvi.sys
查杀重启多少次都不能清除,手动删除也不行
弹出的广告是随机的

请各位大虾帮帮我,救命啊

Logfile of HijackThis v1.99.1
Scan saved at 10:28:13, on 2007-1-27
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\360safe\safemon\360tray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\TTPlayer\TTPlayer.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Administrator\桌面\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: 3294 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - D:\WINDOWS\system32\403dntos.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - D:\Program Files\Common Files\CPUSH\cpush1.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {66fd034b-3d60-49d4-8b0d-4e03f37a8dbf} - D:\WINDOWS\system32\49d4cfsb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX (file missing)
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: 3294 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - D:\WINDOWS\system32\403dntos.dll
O2 - BHO: Riptide BHO - {EFBCA345-14DC-4640-994E-4AF1DFDEB4FD} - D:\Program Files\Riptide\Plugin\Plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: 3294 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - D:\WINDOWS\system32\403dntos.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE D:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [360Safetray] D:\Program Files\360safe\safemon\360tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [QQOnlineUpdate] D:\Program Files\Tencent\QQ\QQUpdate.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &_找本网页音视频链接_ - D:\Program Files\Riptide\Plugin\Monitor.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 找音视频链接 - {CFB84BBD-959B-4fcb-9A03-22ACE091043C} - D:\Program Files\Riptide\Monitor.exe
O9 - Extra 'Tools' menuitem: 找音视频链接 - {CFB84BBD-959B-4fcb-9A03-22ACE091043C} - D:\Program Files\Riptide\Monitor.exe
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B587D2E9-301C-4290-8523-7FC10F048B26}: NameServer = 202.96.128.143
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: cryptimg - D:\WINDOWS\SYSTEM32\cryptig.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - D:\WINDOWS\system32\PvSec.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

附件附件:

下载次数:446
文件类型:image/pjpeg
文件大小:
上传时间:2007-1-27 10:49:08
描述:
预览信息:EXIF信息



最后编辑2007-01-27 12:53:36
分享到:
gototop
 
我不是圣人
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2007-01-27
  • 来自:
发表于: 2007-01-27 10:59 | 短消息 资料
字号: 2楼

我也碰到好几次这种情况!也不知道这样删掉他,很郁闷的,不过我一般就是重新恢复!挺麻烦的.

强烈要求高手指点一下!!
gototop
 
oo123oo3
头像
初生襁褓狮
  • 帖子:1682
  • 注册: 2006-06-21
  • 来自:
发表于: 2007-01-27 12:41 | 短消息 资料
字号: 3楼

带驱动的...
先停掉它的驱动再挂掉他的文件.
gototop
 
soood
头像
健康舞勺狮
  • 帖子:302
  • 注册: 2006-04-01
  • 来自:
发表于: 2007-01-27 13:02 | 短消息 资料
字号: 4楼

双系统啊.木马病毒,不是国宝.断开网络,,打开任务管理器先中断IEXPLORE.EXE进程.用卡卡或瑞星防火墙都可搞定.
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT