打印

伪装Qos木马和Troj.Fake ntserv恶意软件

本主题由黑白徽章于 2008-4-17 13:57 移动

a5224040

新兵

积分: 3
威望: 5
元宝: 0
铜钱: 3

1楼大中小发表于 2008-4-17 13:43 只看该作者

伪装Qos木马和Troj.Fake ntserv恶意软件

辛苦的金山工作人员，我的电脑中了这2个恶意软件，无法查杀，杀了又有。怎么也去不了。
这是小鸟的诊断报告。小鸟万分火急。速度帮帮忙啊。
==============================================================
      金山清理专家系统诊断报告

该诊断报告由金山清理专家提供 http://www.duba.net
==============================================================

诊断时间:       2008-04-17, 13:13
诊断平台:       Windows XP [5.1.2600] Service Pack 2
IE版本:       Internet Explorer V6.0.2180.2900
计算机物理内存:  1015(MB)
当前可用内存: 559(MB)
硬盘总大小:    144(GB)
硬盘可用空间: 136(GB)
清理专家版本: 2008,03,26,471
恶意软件库版本:  2008.04.11.3
漏洞库版本:    2008.04.09.1

==============================================================
      启动文件夹位置
==============================================================

Common Startup:    C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup:          C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup:    %ALLUSERSPROFILE%\「开始」菜单\程序\启动

==============================================================
      文件扩展名关联
==============================================================

.M3U          <"D:\Program Files\KuGou\KuGou2008\KuGoo.exe" /Open "%1">
文件路径: D:\Program Files\KuGou\KuGou2008\KuGoo.exe [分析中]

.WMA          <"D:\Program Files\KuGou\KuGou2008\KuGoo.exe" /Open "%1">
文件路径: D:\Program Files\KuGou\KuGou2008\KuGoo.exe [分析中]

.MP3          <"D:\Program Files\KuGou\KuGou2008\KuGoo.exe" /Open "%1">
文件路径: D:\Program Files\KuGou\KuGou2008\KuGoo.exe [分析中]

==============================================================
      Host File
==============================================================

127.0.0.1  www.cike007.cn
127.0.0.1  www.exiao01.com
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  up.22x44.com

==============================================================
      当前进程
==============================================================

名称:    KuGoo.exe  [已启用]
命令行: "D:\Program Files\KuGou\KuGou2008\KuGoo.exe"
文件路径: D:\Program Files\KuGou\KuGou2008\KuGoo.exe  [分析中] (酷狗音乐)
模块文件: C:\WINDOWS\system32\ntdll.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kernel32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\oleaut32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ADVAPI32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RPCRT4.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Secur32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\GDI32.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USER32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msvcrt.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ole32.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msimg32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\version.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mpr.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHLWAPI.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wininet.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CRYPT32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSASN1.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\shell32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\winspool.drv             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\comdlg32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\oleacc.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSVCP60.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\winmm.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHFolder.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ws2_32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2HELP.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\dsound.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\quartz.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\netapi32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMM32.DLL                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\LPK.DLL                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USP10.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\uxtheme.dll             (Microsoft Corporation)
模块文件: C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll       (TENCENT)
模块文件: C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL (Kingsoft Corporation)
模块文件: C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll (Kingsoft Corporation)
模块文件: C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL (Microsoft Corporation)
模块文件: C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll (Microsoft Corporation)
模块文件: C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSCTF.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msctfime.ime             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINTRUST.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMAGEHLP.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wdmaud.drv             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msacm32.drv             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSACM32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\midimap.dll             (Microsoft Corporation)
模块文件: D:\Program Files\KuGou\KuGou2008\kgplaycomm.dll
模块文件: C:\WINDOWS\system32\olepro32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wsock32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RASAPI32.DLL             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rasman.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\TAPI32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rtutils.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msv1_0.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\iphlpapi.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USERENV.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\urlmon.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\mswsock.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\DNSAPI.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rasadhlp.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\hnetcfg.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\wshtcpip.dll             (Microsoft Corporation)
模块文件: D:\Program Files\KuGou\KuGou2008\cdread.dll
模块文件: C:\WINDOWS\System32\winrnr.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WLDAP32.dll             (Microsoft Corporation)
模块文件: D:\Program Files\KuGou\KuGou2008\SkinRes.dll
模块文件: C:\WINDOWS\system32\CLBCATQ.DLL             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMRes.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\shdocvw.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CRYPTUI.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\appHelp.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\shdoclc.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\xpsp2res.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mlang.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SETUPAPI.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\cscui.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\CSCDLL.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mshtml.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msls31.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\PSAPI.DLL                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\KsUser.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msimtf.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\jscript.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\dxtrans.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ATL.DLL                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ddrawex.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\DDRAW.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\DCIMAN32.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\dxtmsft.dll             (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SXS.DLL                (Microsoft Corporation)

TOP

黑白徽章

BO

上将(超级版主)

低调

积分: 14638
威望: 31339
元宝: 70
铜钱: 610

最勤奋版主星光奖音乐之花最佳伯乐勋章辛苦奖清理专家季度伯乐最佳勋章伯乐感恩勋章启动小师傅安全之星勋章启动项智多星进程智多星奥运安全智多星 QQ皮肤达人最佳红客爱毒霸社区技术大师爱毒霸社区技术拉风人物电脑技术指导电脑技术专家奥运小密探周刊评论员 PhotoShop 愛好者動畫設計者網頁設計者我有博客家有寵物