瑞星软件安装时一打开窗口就被拦截自动关闭了！求助！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛瑞星软件安装时一打开窗口就被拦截自动关闭了！求助！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

瑞星软件安装时一打开窗口就被拦截自动关闭了！求助！

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 01:38 \| 只看楼主短消息资料字号：小中大 1楼瑞星软件安装时一打开窗口就被拦截自动关闭了！求助！ Running processes: [smss.exe] CommandLine = [csrss.exe] CommandLine = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [winlogon.exe] CommandLine = winlogon.exe [services.exe] CommandLine = C:\WINNT\system32\services.exe [lsass.exe] CommandLine = C:\WINNT\system32\lsass.exe [svchost.exe] CommandLine = C:\WINNT\system32\svchost -k rpcss [spoolsv.exe] CommandLine = C:\WINNT\system32\spoolsv.exe [svchost.exe] CommandLine = C:\WINNT\system32\svchost.exe -k netsvcs [IEXPLORE.EXE] CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank [RUNDLL32.EXE] CommandLine = C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087 [nvsvc32.exe] CommandLine = C:\WINNT\system32\nvsvc32.exe [regsvc.exe] CommandLine = C:\WINNT\system32\regsvc.exe [MSTask.exe] CommandLine = C:\WINNT\system32\MSTask.exe [ServiceX.exe] CommandLine = C:\WINNT\system32\ServiceX.exe [SMAgent.exe] CommandLine = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" [stisvc.exe] CommandLine = C:\WINNT\system32\stisvc.exe [RUNDLL32.EXE] CommandLine = C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087 [WinMgmt.exe] CommandLine = C:\WINNT\System32\WBEM\WinMgmt.exe [svchost.exe] CommandLine = C:\WINNT\system32\svchost.exe -k wugroup [IEXPLORE.EXE] CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [RUNDLL32.EXE] CommandLine = Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32 [mstasks.exe] CommandLine = "C:\WINNT\system32\mstasks.exe" [realsched.exe] CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [RUNDLL32.EXE] CommandLine = "C:\WINNT\system32\Rundll32.exe" "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows [RUNDLL32.EXE] CommandLine = "C:\WINNT\system32\rundll32.exe" C:\PROGRA~1\3721\helper.dll,Rundll32 [RUNDLL32.EXE] CommandLine = "C:\WINNT\system32\RUNDLL32.exe" C:\WINNT\system32\msibm\cfsys.dll,cfs [NTdhcp.exe] CommandLine = "C:\WINNT\system32\NTdhcp.exe" [msnmsgr.exe] CommandLine = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [internat.exe] CommandLine = "C:\WINNT\system32\internat.exe" [Thunder.exe] CommandLine = "E:\新建文件夹\Thunder.exe" [Explorer.EXE] CommandLine = C:\WINNT\explorer.exe [mshta.exe] CommandLine = mshta.exe res://sp3res.dll/default.hta [KkScan.exe] CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.9991.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.9p.cn O1 - Hosts: 127.0.0.1 localhost O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll O2 - BHO: - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINNT\system32\IEBHODLL.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006228_8913.dll O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing) O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: CShowKuroBar Class - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - C:\Program Files\KuroM7\CallToolBar.dll O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing) O2 - BHO: CBHelper Object - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: NewWebController Class - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINNT\system32\AdvSC32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\tbhelper.dll O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\WINNT\system32\kakatool.dll O2 - BHO: (file missing) O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\qylhelper.dll O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll O2 - BHO: SDObmObj Class - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINNT\system32\obwbkya.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [mstasks.exe] C:\WINNT\system32\mstasks.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RichMedia] C:\WINNT\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs O4 - HKLM\..\Run: [spoolsv] C:\WINNT\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [Alitalk] C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE -hideframe O4 - HKLM\..\Run: [Install Alitalk] C:\WINNT\temp\alitalk\alitalk.exe -hideframe O4 - HKLM\..\Run: [NTdhcp] C:\WINNT\system32\NTdhcp.exe O8 - Extra context menu item: &使用迅雷下载 - E:\新建文件夹\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\新建文件夹\getallurl.htm 2006-03-26 22:30:51
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	分享到：

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 01:39 \| 只看楼主短消息资料字号：小中大 2楼 O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\新建文件夹 (2)\浩方对战平台\GameClient.exe O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra Button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O11 - Options group: [!CNS] 网络实名 O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131699702109 O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - https://www.95599.cn/platform/pub/cab/ABC.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx O20 - Winlogon Notify: nwprovau O20 - Winlogon Notify: wzcnotif O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - - C:\WINNT\G_Server.exe O23 - Service: Print Manager (MOVEESS) - - C:\WINNT\system32\rundll32.exe c:\winnt\system32\wbem\irjit.dll,export 1087 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe O23 - Service: ServiceX (ServiceX) - - C:\WINNT\system32\servicex.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINNT\system32\svchost.exe -k netsvcs O23 - Service: QoS Service (WIDETS) - - C:\WINNT\system32\rundll32.exe c:\winnt\system32\wbem\irjit.dll,export 1087 O23 - Service: winverviet32 (winvervie32) - - C:\WINNT\winservict32.exe
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 01:39 \| 只看楼主短消息资料字号：小中大 3楼请斑竹和各位高手帮忙看一下！谢谢了！~
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 01:41 \| 只看楼主短消息资料字号：小中大 4楼电脑开机时还老是弹出恶意网页！~比如什么“51looking”啊之类的！
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

读来毒网飘泊而立狮帖子:610 注册: 2004-04-18 来自:	发表于： 2006-03-26 07:28 \| 短消息资料字号：小中大 5楼请您重新用HijackThis1.99.1扫描个日志上来 http://www.spywareinfo.com/~merijn/files/hijackthis.zip 将它解压到一个非临时性的文件夹（比如C:\Program Files\HijackThis\HijackThis.exe）。然后双击HijackThis.exe图标，选择Do a system scan and save a logfile，将产生的文本文件中的日志贴上来。如果一个帖子贴不下，可以将剩余的部分另开一帖。
读来毒网飘泊而立狮帖子:610 注册: 2004-04-18 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 09:55 \| 只看楼主短消息资料字号：小中大 6楼 Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ServiceX.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\Explorer.EXE C:\WINNT\system32\rundll32.exe C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mstasks.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\RUNDLL32.exe C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE C:\WINNT\system32\NTdhcp.exe C:\WINNT\system32\internat.exe E:\新建文件夹\Thunder.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\HijackThis.exe
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 09:55 \| 只看楼主短消息资料字号：小中大 7楼 R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\ .exe O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINNT\system32\IEBHODLL.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006228_8913.dll O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing) O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: CShowKuroBar Class - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - C:\Program Files\KuroM7\CallToolBar.dll O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing) O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINNT\system32\AdvSC32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\tbhelper.dll O2 - BHO: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file) O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\qylhelper.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINNT\system32\obwbkya.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [mstasks.exe] C:\WINNT\system32\mstasks.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RichMedia] C:\WINNT\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs O4 - HKLM\..\Run: [spoolsv] C:\WINNT\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [Alitalk] C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE -hideframe O4 - HKLM\..\Run: [Install Alitalk] C:\WINNT\temp\alitalk\alitalk.exe -hideframe O4 - HKLM\..\Run: [NTdhcp] C:\WINNT\system32\NTdhcp.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [internat.exe] internat.exe O8 - Extra context menu item: &使用迅雷下载 - E:\新建文件夹\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\新建文件夹\getallurl.htm O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\新建文件夹 (2)\浩方对战平台\GameClient.exe O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O11 - Options group: [!CNS] 网络实名 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131699702109 O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - https://www.95599.cn/platform/pub/cab/ABC.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe O23 - Service: ServiceX - Unknown owner - C:\WINNT\system32\ServiceX.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: winverviet32 (winvervie32) - Unknown owner - C:\WINNT\winservict32.exe
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 09:56 \| 只看楼主短消息资料字号：小中大 8楼读来毒网，麻烦你咯！~谢谢哦！帮我看一下吧！
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:	发表于： 2006-03-26 18:08 \| 只看楼主短消息资料字号：小中大 9楼求求你们，帮帮我的忙啊！~~我急啊！~
最爱茄茄初生襁褓狮帖子:12 注册: 2006-01-20 来自:

花落花又开社区嘉宾帖子:6782 注册: 2005-04-16 来自:	发表于： 2006-03-26 22:30 \| 短消息资料字号：小中大 10楼在安全模式下修复这些： R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.9991.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.9p.cn O2 - BHO: - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINNT\system32\IEBHODLL.dll O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll O2 - BHO: CBHelper Object - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll O2 - BHO: NewWebController Class - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINNT\system32\AdvSC32.dll O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\tbhelper.dll O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\qylhelper.dll O2 - BHO: SDObmObj Class - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINNT\system32\obwbkya.dll O4 - HKLM\..\Run: [mstasks.exe] C:\WINNT\system32\mstasks.exe O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs O4 - HKLM\..\Run: [NTdhcp] C:\WINNT\system32\NTdhcp.exe O20 - Winlogon Notify: nwprovau O20 - Winlogon Notify: wzcnotif 开始--控制面版--管理工具--服务--找到Gray_Pigeon_Server，ServiceX，winverviet32属性--改为已禁用显示隐藏文件，找到以下删除：（如果有的话） C:\WINNT\G_Server.exe C:\WINNT\G_Server.dll C:\WINNT\G_Serverkey.dll C:\WINNT\G_Server_Hook.dll C:\WINNT\system32\ServiceX.exe C:\WINNT\winservict32.exe 并删除以上修复项目的文件。再安装瑞星杀一次毒。
花落花又开社区嘉宾帖子:6782 注册: 2005-04-16 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT