瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 如何查杀灰鸽子Backdoor.GPigeon等病毒

123   3  /  3  页   跳转

如何查杀灰鸽子Backdoor.GPigeon等病毒

收藏
奈无
头像
初生襁褓狮
  • 帖子:446
  • 注册: 2005-11-26
  • 来自:
发表于: 2005-11-27 10:09 | 短消息 资料
字号: 21楼

大侠帮帮忙
gototop
 
ヘ网络农民ヘ
头像
叱咤花甲狮
  • 帖子:2980
  • 注册: 2004-09-12
  • 来自:
发表于: 2005-11-27 10:22 | 短消息 资料
字号: 22楼

【回复“奈无”的帖子】
O1 - Hosts: 211.154.219.10 www.readnovel.com
O1 - Hosts: 61.185.51.24 www.iciba.net
O1 - Hosts: 219.238.233.202 www.rising.com.cn
O1 - Hosts: 61.139.126.8 www.fainfo.com
O1 - Hosts: 61.139.126.8 www.fainfo.com
O1 - Hosts: 218.75.150.63 www.lxyz.net
O1 - Hosts: 61.152.173.36 www.12333.gov.cn
O1 - Hosts: 211.157.1.25 www.neworiental.org
O1 - Hosts: 219.133.38.199 jump.qq.com
O1 - Hosts: 218.242.243.26 www.cableplus.com.cn
O1 - Hosts: 211.167.104.6 www.ocn.net.cn
O1 - Hosts: 207.44.226.5 bbs.fazhan.com
O1 - Hosts: 67.15.7.16 www.3down.com
O1 - Hosts: 218.242.174.168 www.fangdi.com.cn
O1 - Hosts: 218.244.110.111 www.ehomeday.com
O1 - Hosts: 202.147.5.135 www.trendmicro.com
O1 - Hosts: 202.106.174.19 www.sda.gov.cn
O1 - Hosts: 219.237.204.99 www.cde.org.cn
O1 - Hosts: 61.141.232.181 www.ccd.org.cn
O1 - Hosts: 218.247.199.228 www.zybh.gov.cn
O1 - Hosts: 218.244.47.203 www.tjhghg.com
O1 - Hosts: 222.66.38.230 www.shanghai-air.com
O1 - Hosts: 61.136.61.144 rss.chinabbs.com
O1 - Hosts: 211.100.23.55 school.uland.com
O1 - Hosts: 61.135.150.230 alumni.chinaren.com
O1 - Hosts: 202.205.11.70 www.eol.cn
O1 - Hosts: 202.120.127.203 www.shu.edu.cn
O1 - Hosts: 202.121.241.7 www.shspu.edu.cn
O1 - Hosts: 202.120.127.87 www.info.shu.edu.cn
O1 - Hosts: 61.129.121.26 www.shmeea.com.cn
O1 - Hosts: 210.34.128.137 www.jmu.edu.cn
O1 - Hosts: 210.35.88.3 www.shiep.edu.cn
O1 - Hosts: 128.83.40.145 www.utexas.edu
O1 - Hosts: 65.163.26.153 www.keuka.edu
O1 - Hosts: 218.16.122.16 www.okbt.com
O1 - Hosts: 219.145.107.11 www.btgod.com
O1 - Hosts: 219.133.31.26 www.szyongguang.com
O1 - Hosts: 202.101.6.71 bt.chinabtbbt.com
O1 - Hosts: 195.245.179.181 crdybtxzlst.blog.com
O1 - Hosts: 195.245.179.181 mlkcrdylsta.blog.com
O1 - Hosts: 195.245.179.181 tmfcrdyxzlst.blog.com
O1 - Hosts: 222.36.40.111 www.wofei.net
O1 - Hosts: 222.36.40.111 btbaby.cn
O1 - Hosts: 218.94.124.36 bbs.btmyth.com
O1 - Hosts: 219.153.10.57 bt.kaicn.com
O1 - Hosts: 61.233.19.231 pd.oo.cn
O1 - Hosts: 222.36.40.111 www.wofei.net
O1 - Hosts: 210.75.23.72 bbs.itbbs.net
O1 - Hosts: 61.129.77.239 bt2.cnxp.com
O1 - Hosts: 61.129.75.76 www.lxy1868.cn
O1 - Hosts: 67.15.7.163 emodao.com
O1 - Hosts: 70.85.93.195 miksmi20.tollfreepage.com
O1 - Hosts: 209.66.123.8 www.proxy4free.com
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUPOST.HTM
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://sueyoshi.aa0.netvolante.jp/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://210.163.212.70/kxhcm10.ocx
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab

删除对应的所在路径的文件。 .
gototop
 
奈无
头像
初生襁褓狮
  • 帖子:446
  • 注册: 2005-11-26
  • 来自:
发表于: 2005-11-28 22:33 | 短消息 资料
字号: 23楼

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      22:28:26, 日期 2005-11-28
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINXP\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
c:\program files\tencent\tt\ttraveler.exe
C:\Program Files\HTime\HTime.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINXP\SOUNDMAN.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINXP\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\wnwb2005\selectso.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\史晓浩.SXH\LOCALS~1\Temp\Rar$EX00.453\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINXP\system32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINXP\Downlo~1\ddtinit.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\WINXP\Downlo~1\ddtkillw.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - IE工具栏增项: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINXP\Downlo~1\DDTONG~1.DLL
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINXP\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [AtiPTA] atiptaxx.exe
O4 - 启动项HKLM\\Run: [HTime] C:\Program Files\HTime\HTime.exe
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINXP\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINXP\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [vcdplay] C:\WINXP\system32\mvcdplay.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\RunServices: [mmsk] D:\Program Files\木马杀客\mmsk.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - 启动项HKLM\\RunOnce: [*vcdplay] C:\WINXP\system32\mvcdplay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [vcdplay] C:\WINXP\system32\mvcdplay.exe
O4 - Startup: wnwb.lnk = C:\Program Files\wnwb2005\wnwb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目:  添加到新浪点点通阅读器 - res://C:\WINXP\Downlo~1\RssReader.exe/RSSFEED.js
O8 - IE右键菜单中的新增项目: IBM 翻译设置(&U)... - C:\PROGRA~1\IBM翻~1\Setup.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 翻译全文(&R) - C:\PROGRA~1\IBM翻~1\TransAll.htm
O8 - IE右键菜单中的新增项目: 翻译选中部分(&N) - C:\PROGRA~1\IBM翻~1\TransSel.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINXP\Downlo~1\DDTONG~1.DLL
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 翻译设置 - {8EE35810-C27A-11d3-99D9-52544C292A01} - C:\PROGRA~1\IBM翻~1\Setup.htm (file missing) (HKCU)
O9 - 浏览器额外的按钮: 翻译全文 - {8EE35811-C27A-11d3-99D9-52544C292A01} - C:\PROGRA~1\IBM翻~1\TransAll.htm (file missing) (HKCU)
O9 - 浏览器额外的按钮: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINXP\Downlo~1\rssband.dll (HKCU)
O9 - 浏览器额外的“工具”菜单项: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINXP\Downlo~1\rssband.dll (HKCU)
O9 - 浏览器额外的按钮: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINXP\Downlo~1\rssband.dll (HKCU)
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINXP\system32\mbprot.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - d:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: System Safety Monitor - C:\WINXP\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - NT 服务: btsever - Unknown owner - C:\WINXP\btsever.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINXP\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: System Safety Monitor (SSM) - System Safety - C:\Program Files\System Safety Monitor\SSMService.exe
已删除对应的所在路径的文件,还有木马病毒。
gototop
 
奈无
头像
初生襁褓狮
  • 帖子:446
  • 注册: 2005-11-26
  • 来自:
发表于: 2005-11-28 22:47 | 短消息 资料
字号: 24楼

有Backdoor.GPigeon.tar、Backdoor.Flux.11.a、Backdoor.Flux.11.d、Backdoor.Flux.10
试过用手工删除,找不到_hook.dll.
gototop
 
影子110
头像
叱咤花甲狮
  • 帖子:4210
  • 注册: 2005-04-10
  • 来自:怀黯
发表于: 2005-11-29 17:41 | 短消息 资料
字号: 25楼

关闭IE等不必要的程 序,
清空临时文件夹~~
IE》属性》删除文件(包括脱机文件)》确定

O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINXP\system32\mbprot.dll
修复此项~并删除下面的文件
C:\WINXP\system32\mbprot.dll

O23 - NT 服务: btsever - Unknown owner - C:\WINXP\btsever.exe
这个你先按下面的操作试试~~
开始  》 运行 》输入  Regedit.exe  》确定
打开注册表编辑器,定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \

SERVICES分支,删除左栏中的病毒服务名  btsever
重启系统,
打开 我的电脑》工具》文件夹选项》查看》显示所有文件,不隐藏受保护的操作系统文件》确定
我的电脑》工具》文件夹选项》查看》去掉“隐藏已知文件类型的扩展名”前的勾
查找并删除以下文件
C:\WINXP\btsever.exe
及该文件夹下以btsever为文件名的DLL文件

然后再全盘杀一下毒看看~~~
gototop
 
奈无
头像
初生襁褓狮
  • 帖子:446
  • 注册: 2005-11-26
  • 来自:
发表于: 2005-12-01 23:26 | 短消息 资料
字号: 26楼

谢谢!已清除Backdoor.GPigeon.tar,但Backdoor.Flux.11.a、Backdoor.Flux.11.d、Backdoor.Flux.10还在。
gototop
 
奈无
头像
初生襁褓狮
  • 帖子:446
  • 注册: 2005-11-26
  • 来自:
发表于: 2005-12-04 22:09 | 短消息 资料
字号: 27楼

谢谢!再帮忙看看!
gototop
 
Keren9090
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2007-08-12
  • 来自:
发表于: 2007-08-14 18:49 | 短消息 资料
字号: 28楼

这个是我的扫描结果
我知道我中毒了
可是我不会杀
请高手帮一下
QQ:105185907
lvminivy@yahoo.com.cn

Logfile of HijackThis v1.99.1
Scan saved at 18:14:05, on 2007-8-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
D:\Downloads\360\360safe\safemon\360tray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\FlashGet\flashget.exe
D:\Downloads\杀后门灰鸽子时用到的软件\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Downloads\360\360safe\safemon\safemon.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [360Safetray] D:\Downloads\360\360safe\safemon\360tray.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯QQ.lnk = D:\Downloads\QQ2007\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用BitComet下载 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156754453019
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lerte - Unknown owner - C:\WINDOWS\Neroc
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
gototop
 
<<上一主题|下一主题>>
123   3  /  3  页   跳转
页面顶部
Powered by Discuz!NT