呵呵,帮朋友看看,似乎中了很多啊!!请教以下这里的大哥哥 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛呵呵,帮朋友看看,似乎中了很多啊!!请教以下这里的大哥哥

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

呵呵,帮朋友看看,似乎中了很多啊!!请教以下这里的大哥哥

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 14:55 \| 只看楼主短消息资料字号：小中大 1楼呵呵,帮朋友看看,似乎中了很多啊!!请教以下这里的大哥哥 Logfile of HijackThis v1.99.1 Scan saved at 14:39:02, on 2006-8-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\KAV2006\KWatch.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\KAV2006\KPfwSvc.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CNNIC\Cdn\cdnup.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe C:\WINDOWS\system32\rundll32.exe C:\KAV2006\KMailMon.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\KAV2006\KPFW32.EXE F:\qq\TIMPlatform.exe F:\qq\QQ.exe C:\WINDOWS\system32\rundll32.exe F:\qq\qqpet\qqpet.exe C:\KAV2006\KAVStart.EXE F:\PROGRA~1\ASDEGAME\AsdeAI.exe F:\PROGRA~1\ASDEGAME\AsdeAI.exe G:\天下第一\QQ宠物管家\PetDoctor.exe G:\天下第一\QQ宠物管家\QQPetSkinMonitor.exe F:\qq\QQ.exe F:\qq\qqpet\qqpet.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\new\桌面\HijackThis.exe R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll F3 - REG:win.ini: load=C:\WINDOWS\819if22.exe O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll O2 - BHO: MsHelp Class - {33C3992F-1963-49BE-88D7-974C8EE564B5} - C:\WINDOWS\system32\MsHelper.dll O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\qq\QQIEHelper.dll O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\rundll32.dll O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - G:\迅雷\ComDlls\XunLeiBHO_001.dll O2 - BHO: YgbAvbyb Class - {9ECB53F3-1A63-1A79-5179-9B6FAC285071} - C:\WINDOWS\DOWNLO~1\jkltv.dll O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - G:\酷狗音乐\KuGoo3\KuGoo3DownXControl.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Enhancer - {AF098F95-7CEA-407A-8552-3846737CC4B2} - C:\WINDOWS\system32\funcwin.dll O2 - BHO: Count Class - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - C:\WINDOWS\system32\bsnviewer.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\819of221.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file) O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL) O4 - HKLM\..\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Thunder] G:\迅雷\Thunder.exe /s O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [KavPFW] "C:\KAV2006\KPFW32.EXE" O4 - HKCU\..\Run: [sys001] C:\WINDOWS\rundll32.exe O4 - Startup: 腾讯QQ.lnk = F:\qq\QQ.exe O4 - Global Startup: 壁纸自动换.lnk = C:\WINDOWS\system32\bgswitch.exe O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe O8 - Extra context menu item: &使用迅雷下载 - G:\迅雷\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\迅雷\Program\GetAllUrl.htm O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\qq\AddToNetDisk.htm O8 - Extra context menu item: 使用KuGoo3下载(&K) - G:\酷狗音乐\KuGoo3\KuGoo3DownX.htm O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246 O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll O11 - Options group: [!CNS] 网络实名 O11 - Options group: [CDNCLIENT] 中文上网 O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{316DDE7A-FD3A-4DDC-AEB5-A9C1D8CD849E}: NameServer = 220.189.127.108 220.189.127.107 O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\819df221.dll O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\svchost.exe 2006-10-06 15:14:48
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	分享到：

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 15:03 \| 只看楼主短消息资料字号：小中大 2楼 F3 - REG:win.ini: load=C:\WINDOWS\819if22.exe O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll(这是什么啊) O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKCU\..\Run: [sys001] C:\WINDOWS\rundll32.exe(rundll32在WINDOWS下正常吗) O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll(这是什么啊 O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\819df221.dll O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll(这个对不对啊) O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\svchost.exe 这几个对吗,是不是灰鸽子啊
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:

炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:	发表于： 2006-08-25 15:10 \| 短消息资料字号：小中大 3楼 O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\svchost.exe 鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 搜索Windows XP Vista 删除重启删除C:\WINDOWS\svchost.exe 修复上面所有(file missing)项下载超级兔子。 http://www.pctutu.com/srmsdown.asp 运行超级兔子,打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载(安全模式)
炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 15:14 \| 只看楼主短消息资料字号：小中大 4楼晕,我猜也是鸽子暗暗,但是其他我列的项目就不用吗
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 15:15 \| 只看楼主短消息资料字号：小中大 5楼 F3 - REG:win.ini: load=C:\WINDOWS\819if22.exe 象这种不可疑吗
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:

炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:	发表于： 2006-08-25 15:17 \| 短消息资料字号：小中大 6楼 819if22.exe 这个不认识百度上也没有` 如果你也不认识修复`删除`
炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 15:19 \| 只看楼主短消息资料字号：小中大 7楼那在WINDOW下有个RUNDLL32正常吗
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:

炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:	发表于： 2006-08-25 15:25 \| 短消息资料字号：小中大 8楼应该正常`
炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:

炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:	发表于： 2006-08-25 15:26 \| 短消息资料字号：小中大 9楼总的来说不太确定自己百度不就知道了?`
炫Oo逍遥oO 锋芒艾服狮帖子:1306 注册: 2006-06-30 来自:

dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:	发表于： 2006-08-25 15:28 \| 只看楼主短消息资料字号：小中大 10楼还是感谢你了
dady欢欢自信弱冠狮帖子:324 注册: 2006-07-06 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT