[Help] My Computer, Control Panel (memory error: cannot be "written"), IE, etc. all fail to open

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      20:58:18, 日期 2006-5-19
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\System32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\spupdsvc.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spnpinst.exe
D:\WINDOWS\system32\Sysocmgr.exe
d:\program files\rising\rfw\RfwMain.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINDOWS\system32\keyhook.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\rising\Rav\RavMon.exe
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Yayad\AdPop.Exe
C:\Program Files\Tencent\TT\TTraveler.exe
D:\Program Files\rising\rav\Rav.exe
D:\Program Files\rising\rav\RavJPG.exe
D:\WINDOWS\explorer.exe
D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\Rar$EX00.890\HijackThis1991zww.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - D:\WINDOWS\system32\THUNDE~1.DLL
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - D:\Program Files\Yayad\AdCore.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - D:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - f:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - D:\WINDOWS\system32\WinSC32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: HunterSite Class - {A83E9D7E-119A-4A2C-94FE-2D4315ED3D40} - f:\Program Files\Superhunter\GetFlash\GetFlash.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - D:\PROGRA~1\HBClient\hbhelper.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\KakaTool.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - IE工具栏增项: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [zBrowser Launcher] f:\Program Files\Logitech\iTouch\iTouch.exe
O4 - 启动项HKLM\\Run: [ravmond] d:\program files\rising\rav\ravmond.exe -system
O4 - 启动项HKLM\\Run: [SiS Windows KeyHook] D:\WINDOWS\system32\keyhook.exe
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RavTimer] D:\Program Files\rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] D:\Program Files\rising\Rav\RavMon.exe -system
O4 - 启动项HKLM\\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YOKAssiant] Rundll32.exe D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - 启动项HKLM\\Run: [Nintendo_Theme] C:\Program Files\Nintendo\DesktopManager\wbload.exe
O4 - 启动项HKLM\\Run: [RichMedia] D:\WINDOWS\system32\Rundll32.exe  "D:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
O4 - 启动项HKLM\\RunServices: [RavMon] D:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] f:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: 快捷方式 到 QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - G:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - G:\Program Files\Sandai Technologies Inc\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: >>彩信发送<< - res://D:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: VeryCD超级搜索 - D:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://D:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - D:\Program Files\CoolWebsite\QuickLink.dll
O9 - 浏览器额外的按钮: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - g:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - g:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - f:\Program Files\Superhunter\GetFlash\GetFlash.dll
O9 - 浏览器额外的“工具”菜单项: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - f:\Program Files\Superhunter\GetFlash\GetFlash.dll
O9 - 浏览器额外的按钮: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - f:\Program Files\Superhunter\GetFlash\GetFlash.dll
O9 - 浏览器额外的“工具”菜单项: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - f:\Program Files\Superhunter\GetFlash\GetFlash.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - c:\HAPPYH~1\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
Last edited 2006-05-20 19:15:55

O11 - Options group: [!AGetFlash] GetFlash
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C960AA3-FAEE-11D0-9262-00A0243D2412} (TegoSoft SmartLoader ActiveX Control) - http://www.am1116.com/csbus/ActiveX/TegoLoad.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120117136875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120749953328
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2691FA4C-725F-424C-9ABF-5ABF5722D129}: NameServer = 61.177.7.1 221.228.255.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2691FA4C-725F-424C-9ABF-5ABF5722D129}: NameServer = 61.177.7.1 221.228.255.1
O18 - 列举现有的协议: bw+0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw+0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw-0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw-0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw00 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw00s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw10 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw10s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw20 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw20s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw30 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw30s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw40 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw40s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw50 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw50s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw60 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw60s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw70 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw70s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw80 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw80s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw90 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw90s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwa0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwa0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwb0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwb0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwc0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwc0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwd0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwd0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwe0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwe0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwf0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwf0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwg0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwg0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwh0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwh0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwi0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwi0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwj0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwj0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwk0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwk0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwl0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwl0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwm0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwm0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwn0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwn0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwo0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwo0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwp0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwp0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwq0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwq0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwr0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwr0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bws0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bws0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwt0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwt0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwu0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwu0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwv0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwv0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bww0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bww0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwx0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwx0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwy0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwy0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwz0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwz0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: offline-8876480 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - NT 服务: vsw - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\vsy1\vsy1.exe
O23 - NT 服务: winmum - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\mum1\mum1.exe (file missing)
O23 - NT 服务: WMDM PMSP Service - Unknown owner - D:\WINDOWS\system32\MsPMSPSv.exe (file missing)

Is this the log from your first scan?

[Application Tips] Solution for the memory "could not be read" or "written" error: http://forum.ikaka.com/topic.asp?board=3&artid=7350632

I just ran the scan.

I can't understand it~~~~~~~~~~~~

Go through it yourself against this guide! Your log is just too "much"~

http://forum.ikaka.com/topic.asp?board=3&artid=6248113&page=1

O23 - NT 服务: vsw - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\vsy1\vsy1.exe
O23 - NT 服务: winmum - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\mum1\mum1.exe (file missing)
O23 - NT 服务: WMDM PMSP Service - Unknown owner - D:\WINDOWS\system32\MsPMSPSv.exe (file missing)
These are all "Pigeon" (鸽子), I think. I've seen quite a lot of these; not sure whether I've got it right.

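The O2 section lists the BHO modules present in the IE browser. BHO stands for Browser Helper Objects: helper modules (or helper objects) for the browser, small plug-ins that extend what the browser can do. It is a mixed bag: Norton AntiVirus, Google and others may all show up here, and it is also a place where spyware often lurks.

O17 indicates "domain hijacking": changes related to DNS resolution. A malicious site known to cause this is Lop.com. As mentioned above when explaining the O1 section, when an address is typed into the browser and the hosts file has no mapping for it, a DNS lookup is requested to convert the address into an IP address. If a malicious site has changed your DNS settings to point at the malicious site, then of course you go wherever they point you!

The O18 section lists the existing protocols, in order to detect extra protocols and protocol "hijacking". The related registry entries include
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID and so on.

By replacing your computer's default protocols with their own, malicious sites can control your computer and monitor your information in a variety of ways.

HijackThis lists the protocols that have been added beyond the default ones, together with where they are stored on the computer.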
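
One way to triage the O17 and O18 sections explained in the post above, together with the O23 services quoted earlier in the thread, added here as an example that is not part of the original thread or of HijackThis. It keys on the section code rather than the localized label, collapses the repeated O18 lines by handler DLL, and lists services whose binary sits in a Temp directory, is missing on disk or has an unknown owner; the function names and the `expected_dns` allow-list are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the log posted in this thread. The build is localized,
# so only the section code (O17, O18, O23) is relied on, not the label text.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2691FA4C-725F-424C-9ABF-5ABF5722D129}: NameServer = 61.177.7.1 221.228.255.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2691FA4C-725F-424C-9ABF-5ABF5722D129}: NameServer = 61.177.7.1 221.228.255.1
O18 - 列举现有的协议: bw+0 - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw+0s - {36C4C9D2-9430-4DD3-BD9D-58297ED8DB2A} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: vsw - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\vsy1\vsy1.exe
O23 - NT 服务: winmum - Unknown owner - D:\DOCUME~1\USER_F~1.LEG\LOCALS~1\Temp\mum1\mum1.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log):
    """Yield (section_code, rest_of_line) for each HijackThis entry line."""
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def after_label(head):
    """Drop the (possibly localized) 'label: ' prefix of an entry."""
    return head.split(": ", 1)[-1]


def triage(log, expected_dns=frozenset()):
    """Collect the O17, O18 and O23 items a reviewer should check by hand.
    expected_dns is a hypothetical allow-list of resolvers the reviewer
    already trusts (for example the ISP's); HijackThis has no such option.
    """
    dns, handlers, services = [], defaultdict(list), []
    for code, rest in parse(log):
        if code == "O17" and "NameServer = " in rest:
            for ip in rest.split("NameServer = ", 1)[1].split():
                if ip not in expected_dns and ip not in dns:
                    dns.append(ip)
        elif code == "O18" and " - " in rest:
            # "<label>: <protocol> - {CLSID} - <dll>": group by handler DLL.
            head, dll = rest.rsplit(" - ", 1)
            clsid = CLSID.search(head)
            protocol = after_label(head).rsplit(" - ", 1)[0]
            handlers[(clsid.group(0) if clsid else "", dll)].append(protocol)
        elif code == "O23" and " - " in rest:
            # "<label>: <service> - <owner> - <path>"
            head, path = rest.rsplit(" - ", 1)
            reasons = []
            if TEMP_DIR.search(path):
                reasons.append("binary under a Temp directory")
            if path.endswith("(file missing)"):
                reasons.append("file missing")
            if head.endswith("Unknown owner"):
                reasons.append("unknown owner")
            if reasons:
                services.append((after_label(head).rsplit(" - ", 1)[0], reasons))
    return {"dns_to_verify": dns, "protocol_handlers": dict(handlers),
            "services_to_review": services}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("DNS servers to verify:", result["dns_to_verify"])
    for (clsid, dll), names in result["protocol_handlers"].items():
        print(f"{len(names)} protocol(s) -> {clsid} {dll}")
    for name, reasons in result["services_to_review"]:
        print(f"service {name}: {', '.join(reasons)}")
```

A flagged item is a prompt for manual review, not a verdict: a service reported with an unknown owner or a missing file can still belong to legitimate software.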

What are the items in group 21?