duncan21 - 2005-11-20 18:19:00
My machine is infected with Worm.mail.fanbot; no matter how many times I remove it, it is still there. File path: c:\WINDOWS\Explorer.EXE
I ran a scan with autoruns; here is the log:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CnsMin 3721 北京三七二一科技有限公司 c:\windows\downloaded program files\cnsmin.dll
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtimer.exe
C:\Documents and Settings\qsh\「开始」菜单\程序\启动
+ 腾讯QQ.lnk QQ TENCENT e:\新qq程序\qq.exe
HKLM\System\CurrentControlSet\Services
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RsCCenter CCenter rising c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
+ StdService AOL Corp. c:\windows\system32\stdsver.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ MsInfo.Dll File not found: C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.Dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer NVIDIA Desktop Explorer, Version 56.55 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 56.55 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 56.55 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ 粉碎文件 Wiper 动态链接库 c:\program files\yahoo!\assistant\assist\ywiper.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CnsHook Class 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ DragSearch BHO DragSearch c:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ IeCatch2 Class jccatch Module Amaze Soft e:\program files\flashget\jccatch.dll
+ IEHandle Class IEHandler for ScenicPlayer 江苏科建教育软件有限责任公司 c:\program files\common files\collegesoft\share components\tphandle.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 e:\新qq程序\qqiehelper.dll
+ std software AOL Corp. c:\windows\system32\stdup.dll
+ 雅虎助手 ToolBar Yahoo! c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft e:\program files\flashget\fgiebar.dll
+ 雅虎助手 ToolBar Yahoo! c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft e:\program files\flashget\flashget.exe
+ @shdoclc.dll,-864 c:\windows\web\related.htm
+ Yahoo 1G电邮 File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录 File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 手机短信 File not found: http://sms.3721.com/ie/index.htm
+ 腾讯QQ QQ TENCENT e:\新qq程序\qq.exe
+ 修复浏览器 File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138
+ 雅虎助手 File not found: http://cn.zs.yahoo.com/?source=Cns
+ 易趣购物 File not found: http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-209?cn=song;icon;hp&mpro=http://www.ebay.com.cn
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ EPSON V6 Monitor4SA EPSON Bi-directional Monitor SEIKO EPSON CORPORATION c:\windows\system32\ebpmon24.dll