Help!!! My computer has caught the backdoor.win32.rbot.cc virus....

My computer has caught the backdoor.win32.rbot.cc virus and it can't be removed no matter what. What should I do?
Last edited 2005-11-17 15:04:37

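Save a log with Autoruns and post it here.
To save the log: choose the File->Save menu item.
When saving the log, make sure the Options->Hide Microsoft Entries menu item is selected (after setting it, click the refresh button on the toolbar).

For downloading and using the tool, see post #14 of http://forum.ikaka.com/topic.asp?board=28&artid=7318038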

[Reply to BlackStone's post]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AddrPlus2Tencentc:\program files\tencent\addrplus\qahook.dll

+ AddrPlus3File not found: C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll

+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll

+ CnxDslTaskBarTaskBar ApplicationConexant Systems Inc.c:\program files\adsl\accessrunner adsl\cnxdsltb.exe

+ halohhdFile not found: C:\WINDOWS\System32\bveercdfygx.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ ServicesFile not found: c:\sxe6.tmp

+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe

C:\Documents and Settings\An Qiao\「开始」菜单\程序\启动

+ 腾讯TM.lnkTM腾讯公司c:\program files\tencent\tm\tmshell.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ KavPFWFile not found: C:\KAV2005\KavPFW.exe

HKLM\System\CurrentControlSet\Services

+ KPfwSvcFile not found: C:\KAV2005\KPfwSvc.EXE

+ KWatchSvc金山毒霸文件实时防毒服务程序File not found: C:\KAV2005\KWatch.EXE

+ LexBceSLexBce ServiceLexmark International, Inc.c:\windows\system32\lexbces.exe

+ lsassMicrosoft Path Finder Service Displays Internet Routing Paths.c:\windows\lsass.exe

+ netconf32Network Configurationc:\windows\netconf32.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ winarcManages compression on files.c:\windows\devldr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

+ hggdb.dllc:\windows\system32\hggdb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ KAVIEHelper Class金山毒霸安全助手金山软件股份有限公司c:\program files\kos\kosiebar.dll

+ MSEvents Objectc:\windows\system32\awvsr.dll

+ {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}c:\windows\system32\hggdb.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll

+ 金山毒霸安全助手金山毒霸安全助手金山软件股份有限公司c:\program files\kos\kosiebar.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

+ 一搜YiSou ToolBar 3721c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

+ @shdoclc.dll,-864c:\windows\web\related.htm

+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1

+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=54554_1006

+ 腾讯QQFile not found: C:\Program Files\Tencent\QQ\QQ.EXE

+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns

+ 寻宝乐趣多File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138

+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns

Task Scheduler

+ DDD_Install_Program.jobFile not found: C:\DOCUME~1\ANQIAO~1\LOCALS~1\Temp\is-VQ3HH.tmp\dudu.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ hggdbc:\windows\system32\hggdb.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Lenovo Network PortLEXLMPM DLLLexmark International, Inc.c:\windows\system32\lexlmpm.dll

+ lsassMicrosoft Path Finder Service Displays Internet Routing Paths.c:\windows\lsass.exe
+ netconf32Network Configurationc:\windows\netconf32.exe
+ winarcManages compression on files.c:\windows\devldr.exe


+ hggdb.dllc:\windows\system32\hggdb.dll

+ MSEvents Objectc:\windows\system32\awvsr.dll

+ {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}c:\windows\system32\hggdb.dll

+ DDD_Install_Program.jobFile not found: C:\DOCUME~1\ANQIAO~1\LOCALS~1\Temp\is-VQ3HH.tmp\dudu.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ hggdbc:\windows\system32\hggdb.dll

Disable them
Reboot
Then try deleting the corresponding files

Process                 PID   CPU    Description                              Company Name
System Idle Process     0     69.30
Interrupts              n/a          Hardware Interrupts
DPCs                    n/a   2.63   Deferred Procedure Calls
System                  4     1.75
  SMSS.EXE              420          Windows NT Session Manager               Microsoft Corporation
  CSRSS.EXE             500   4.39   Client Server Runtime Process            Microsoft Corporation
  WINLOGON.EXE          524          Windows NT Logon Application             Microsoft Corporation
    SERVICES.EXE        568   4.39   Services and Controller app              Microsoft Corporation
    SVCHOST.EXE         736          Generic Host Process for Win32 Services  Microsoft Corporation
      TIMPlatform.exe   1572         TIMPlatform                              tencent
    SVCHOST.EXE         760          Generic Host Process for Win32 Services  Microsoft Corporation
    SVCHOST.EXE         844          Generic Host Process for Win32 Services  Microsoft Corporation
    SVCHOST.EXE         932          Generic Host Process for Win32 Services  Microsoft Corporation
    RavMonD.exe         948   0.88   RavMon                                   Beijing Rising Technology Co., Ltd.
      RavStub.exe       996          Rising Rav Stub                          Beijing Rising Technology Co., Ltd.
    LEXBCES.EXE         1116         LexBce Service                           Lexmark International, Inc.
      LEXPPS.EXE        1156         LEXPPS.EXE                               Lexmark International, Inc.
    SPOOLSV.EXE         1148         Spooler SubSystem App                    Microsoft Corporation
    CCenter.exe         1344         CCenter                                  rising
    LSASS.EXE           580          LSA Shell (Export Version)               Microsoft Corporation
EXPLORER.EXE            1820  1.75   Windows Explorer                         Microsoft Corporation
RUNDLL32.EXE            1964         Run a DLL as an App                      Microsoft Corporation
RUNDLL32.EXE            320          Run a DLL as an App                      Microsoft Corporation
CnxDslTb.exe            336   0.88   TaskBar Application                      Conexant Systems Inc.
YLive.exe               344          YLive
yassistse.exe           356          AssistSetting                            Yahoo!
RavTimer.exe            380          RavTimer                                 Beijing Rising Technology Co., Ltd.
RavMon.exe              408          RavMon Rising realtime monitor           Beijing Rising Technology Co., Ltd.
CTFMON.EXE              780          CTF Loader                               Microsoft Corporation
IEXPLORE.EXE            2568         Internet Explorer                        Microsoft Corporation
procexp.exe             2900  11.40  Sysinternals Process Explorer            Sysinternals
IEXPLORE.EXE            3052         Internet Explorer                        Microsoft Corporation
TM.EXE                  1576


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AddrPlus2Tencentc:\program files\tencent\addrplus\qahook.dll

+ AddrPlus3File not found: C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll

+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll

+ CnxDslTaskBarTaskBar ApplicationConexant Systems Inc.c:\program files\adsl\accessrunner adsl\cnxdsltb.exe

+ halohhdFile not found: C:\WINDOWS\System32\bveercdfygx.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ RXJFile not found: C:\WINDOWS\System32\nipspwb.exe

+ ServicesFile not found: c:\sxe6.tmp

+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe

C:\Documents and Settings\An Qiao\「开始」菜单\程序\启动

+ 腾讯TM.lnkTM腾讯公司c:\program files\tencent\tm\tmshell.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ KavPFWFile not found: C:\KAV2005\KavPFW.exe

HKLM\System\CurrentControlSet\Services

+ KPfwSvcFile not found: C:\KAV2005\KPfwSvc.EXE

+ KWatchSvc金山毒霸文件实时防毒服务程序File not found: C:\KAV2005\KWatch.EXE

+ LexBceSLexBce ServiceLexmark International, Inc.c:\windows\system32\lexbces.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

+ hggdb.dllc:\windows\system32\hggdb.dll

+ hggdb.dllc:\windows\system32\hggdb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ KAVIEHelper Class金山毒霸安全助手金山软件股份有限公司c:\program files\kos\kosiebar.dll

+ MSEvents Objectc:\windows\system32\awvsr.dll

+ MSEvents Objectc:\windows\system32\awvsr.dll

+ {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}c:\windows\system32\hggdb.dll

+ {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}c:\windows\system32\hggdb.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll

+ 金山毒霸安全助手金山毒霸安全助手金山软件股份有限公司c:\program files\kos\kosiebar.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

+ 一搜YiSou ToolBar 3721c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

+ @shdoclc.dll,-864c:\windows\web\related.htm

+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1

+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=54554_1006

+ 腾讯QQFile not found: C:\Program Files\Tencent\QQ\QQ.EXE

+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns

+ 寻宝乐趣多File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138

+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ hggdbc:\windows\system32\hggdb.dll

+ hggdbc:\windows\system32\hggdb.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Lenovo Network PortLEXLMPM DLLLexmark International, Inc.c:\windows\system32\lexlmpm.dll



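Please scan with the latest version, HijackThis 1.99.1, and post the log here.

The HijackThis download link is in the pinned post
[Must read] About this board, and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931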

Lots of people say you get this trojan just by visiting this forum. I'm so scared. Is that true?

Quote:
[xiaoyuwzc21's post] Lots of people say you get this trojan just by visiting this forum. I'm so scared. Is that true?
...........................


.......I'm stunned..

I really have nothing to say. ...

Logfile of HijackThis v1.99.2
Scan saved at 10:03:38, on 2005-11-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\devldr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\DOCUME~1\ANQIAO~1\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\hggdb.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: KAVIEHelper Class - {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} - C:\Program Files\KOS\KOSIEBar.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\Program Files\HBClient\hapast.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\awvsr.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: 金山毒霸安全助手 - {EF72500A-C234-46C4-BF0A-9AA6913DDF34} - C:\Program Files\KOS\KOSIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [AddrPlus3] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32
O4 - HKLM\..\Run: [AddrPlus2] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32
O4 - HKLM\..\Run: [halohhd] C:\WINDOWS\System32\dzkjbr.exe
O4 - HKLM\..\Run: [RXJ] C:\WINDOWS\System32\qxsignukfc.exe
O4 - HKLM\..\Run: [Services] c:\sxe6.tmp
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KavPFW.exe"
O4 - Startup: 腾讯TM.lnk = C:\Program Files\Tencent\TM\TMShell.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=54554_1006 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [TBH]  QQ地址栏搜索插件
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D7B4D5-E7A8-4E99-9E9C-66B9F2E97C88}: NameServer = 202.102.128.68 202.102.134.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{09D7B4D5-E7A8-4E99-9E9C-66B9F2E97C88}: NameServer = 202.102.128.68 202.102.134.68
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: awvsr - C:\WINDOWS\System32\awvsr.dll
O20 - Winlogon Notify: hggdb - C:\WINDOWS\SYSTEM32\hggdb.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - C:\KAV2005\KPfwSvc.EXE (file missing)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - C:\KAV2005\KWatch.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\devldr.exe
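
Added example, not part of the thread and not any poster's method: a Python script that reads HijackThis lines like those in the log above and lists hosts-file names pointed at a dead address, plus files matching two review heuristics. The heuristics and the function names are assumptions of this example; the sample lines are copied from the log, with the first O1 host list shortened.

```python
import ipaddress
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules on any OS

# Lines copied from the HijackThis log in this thread; first O1 list shortened.
SAMPLE_LOG = r"""
C:\WINDOWS\devldr.exe
O1 - Hosts: 255.255.255.255 avp.com download.mcafee.com liveupdate.symantec.com
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\hggdb.dll
O2 - BHO: KAVIEHelper Class - {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} - C:\Program Files\KOS\KOSIEBar.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\awvsr.dll
O3 - Toolbar: 金山毒霸安全助手 - {EF72500A-C234-46C4-BF0A-9AA6913DDF34} - C:\Program Files\KOS\KOSIEBar.dll
O20 - Winlogon Notify: awvsr - C:\WINDOWS\System32\awvsr.dll
O20 - Winlogon Notify: hggdb - C:\WINDOWS\SYSTEM32\hggdb.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - C:\KAV2005\KPfwSvc.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\devldr.exe
"""

def parse(log):
    """Return (hosts, files): IP -> hostnames, and image path -> set of tags."""
    hosts, files = defaultdict(list), defaultdict(set)
    for line in map(str.strip, log.splitlines()):
        entry = re.match(r"(O\d+) - (.*)", line)
        if entry is None:
            if re.fullmatch(r"[A-Za-z]:\\.+\.exe", line, re.I):  # running process
                files[normcase(line)].add("running")
            continue
        code, rest = entry.groups()
        if code == "O1" and rest.startswith("Hosts:"):
            ip, *names = rest[len("Hosts:"):].split()
            hosts[ip].extend(names)
        elif code in ("O2", "O3", "O20", "O23"):
            fields = rest.split(" - ")
            # "(no file)" and "... (file missing)" fail this test and are skipped.
            if fields[-1].lower().endswith((".exe", ".dll")):
                files[normcase(fields[-1])].add(code)
                if code == "O23" and fields[-2] == "Unknown owner":
                    files[normcase(fields[-1])].add("unknown-owner")
    return hosts, files

def blocked_hosts(hosts):
    """Names the hosts file points at an address no real server can have."""
    def dead(ip):
        addr = ipaddress.ip_address(ip)
        return addr.is_loopback or addr.is_unspecified or ip == "255.255.255.255"
    return sorted(n for ip, names in hosts.items() if dead(ip) for n in names)

def review_list(files):
    """Apply two heuristics (assumptions of this example) and give the reason."""
    picked = {}
    for path, tags in files.items():
        if {"O2", "O20"} <= tags:
            picked[path] = "same DLL loads as a BHO and as a Winlogon Notify package"
        elif "unknown-owner" in tags and dirname(path) == r"c:\windows":
            picked[path] = "service image with no owner, directly in the Windows folder"
    return picked

if __name__ == "__main__":
    hosts, files = parse(SAMPLE_LOG)
    print(blocked_hosts(hosts), review_list(files), sep="\n")
```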
