请教Trojan.QQ.Liumazi 清除方法.专家进 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请教Trojan.QQ.Liumazi 清除方法.专家进

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

请教Trojan.QQ.Liumazi 清除方法.专家进

痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	发表于： 2006-02-21 22:15 \| 只看楼主短消息资料字号：小中大 1楼请教Trojan.QQ.Liumazi 清除方法.专家进本人不上小心上了一个网站。中了网页木马。随后QQ自动给好友好信息。发那个网站的广告。用瑞星查杀。发现是：Trojan.QQ.Liumazi 这个病毒。瑞星上的：这是一个QQ尾巴病毒这是一个用DELPHI写的木马病毒病毒运行后会有以下行为：一、释放一个名为"InfoMs.Ime"的动态库到“%root%\Program Files\Common Files\Microsoft Shared\MSInfo”文件夹。查到这个文件。。提示要重起才能删除。但是重起后是没有了。但过一会。有时过几个小时。。他又自动有了。又自动向我QQ里的好友发信息了..杀了好多次。删了好多次还是一样。。在网上也没有找到相关的资料。。请问各高手专家要怎样才能让它真正的消失。。真的好烦啊。时不时就要重起一下才能恢复。（本人由于光驱坏了暂时重装不了系统）。。二、修改注册表项“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks” 使被释放的动态库达到自启动目的。在注册表中没有看见有这个. 各位老大帮帮忙啊 2006-02-21 22:47:12
痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	分享到：

精致油970427 叱咤花甲狮帖子:2924 注册: 2005-12-09 来自:	发表于： 2006-02-21 22:23 \| 短消息资料字号：小中大 2楼瑞星不是有新的qq专杀工具了嘛，你下了用用看。另外，你说在注册表中没有找到相应的键值，估计你中的这个是变种后的木马。你还可以使用HIJACKTHIS1.99.1扫一下，把日志传上来看看。
精致油970427 叱咤花甲狮帖子:2924 注册: 2005-12-09 来自:

痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	发表于： 2006-02-21 22:33 \| 只看楼主短消息资料字号：小中大 3楼 HijackThis_zww汉化版扫描日志 V1.99.1 保存于 22:31:23 上午, 日期 2006-2-21 操作系统： Windows 2000 SP4 (WinNT 5.00.2195) 浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106) 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINNT\system32\nvsvc32.exe C:\Program Files\P4P\p2psvr.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\Explorer.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINNT\system32\internat.exe C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe C:\Program Files\Rising\Rav\rav.exe C:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\WINNT\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Tencent\QQ1\QQ.exe E:\Tencent\TIMPlatform.exe C:\Program Files\Rising\Rav\RsLogVw.exe C:\WINNT\regedit.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis1991zww.exe R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\Program Files\P4P\ToolBar.dll R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINNT\system32\socul.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll (file missing) O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll O3 - IE工具栏增项: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O4 - 启动项HKLM\\Run: [RavScanBD] "C:\Program Files\rising\Rav\ScanBD.exe" /INST O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min O8 - IE右键菜单中的新增项目: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ1\AddToNetDisk.htm O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ1\AddPanel.htm O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ1\AddEmotion.htm O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ1\SendMMS.htm O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的按钮: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O9 - 浏览器额外的按钮: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - 浏览器额外的“工具”菜单项: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll O11 - Options group: [CDNCLIENT] 中文上网 O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.51zsf.net/BDC.cab O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C741648C-0078-447E-A1F6-2C5F0CDD4270}: NameServer = 61.144.56.100,202.96.128.68 O20 - AppInit_DLLs: C:\WINNT\system32\SoDAHK.DLL O23 - NT 服务: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - NT 服务: Gray - Unknown owner - C:\WINNT\lasss.exe O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe 我之前用WINDOWS优化大师查了一下进程分析.InfoMs.Ime这个文件是依赖在Explorer这个系统进程里面的。
痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:

痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	发表于： 2006-02-21 22:34 \| 只看楼主短消息资料字号：小中大 4楼这是启动的：启动项报告： 2006-2-21, 上午 22:34:22 启动项扫描器版本： 1.52.2 开始于： C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis1991zww.EXE 系统检测： Windows 2000 SP4 (WinNT 5.00.2195) 系统检测： Internet Explorer v6.00 SP1 (6.00.2800.1106) * 使用默认选项 ================================================== 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINNT\system32\nvsvc32.exe C:\Program Files\P4P\p2psvr.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\Explorer.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINNT\system32\internat.exe C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe C:\Program Files\Rising\Rav\rav.exe C:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\WINNT\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Tencent\QQ1\QQ.exe E:\Tencent\TIMPlatform.exe C:\Program Files\Rising\Rav\RsLogVw.exe C:\WINNT\regedit.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis1991zww.exe C:\WINNT\system32\notepad.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\Run RavScanBD = "C:\Program Files\rising\Rav\ScanBD.exe" /INST RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system Synchronization Manager = mobsync.exe /logon -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Internat.exe = internat.exe Tracks Eraser Pro = C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min -------------------------------------------------- 文件打开方式关联 for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (黙认) = notepad.exe %1 -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=* 未找到INI相关项目值 * run=* 未找到INI相关项目值 * Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 * HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 * HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 * HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINNT\system32\SoDAHK.DLL -------------------------------------------------- 外壳扩展和屏幕保护程序的键值从 C:\WINNT\SYSTEM.INI: Shell=* 未找到INI相关项目值 * SCRNSAVE.EXE=* 未找到INI相关项目值 * drivers=* 未找到INI相关项目值 * 外壳扩展和屏幕保护程序的键值从注册表 Shell=Explorer.exe SCRNSAVE.EXE=* 未找到相关注册表键值 * drivers=* 未找到相关注册表键值 * Policies Shell key: HKCU\..\Policies: Shell=* 未找到相关注册表键值 * HKLM\..\Policies: Shell=* 未找到相关注册表键值 * -------------------------------------------------- 列举IE浏览器辅助对象(BHO模块): myBar BHO - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} SohuDAIEHelper - C:\Program Files\P4P\sodaie.dll - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} QQIEHelper - d:\Program Files\Tencent\QQ1\QQIEHelper.dll - {54EBD53A-9BC1-480B-966A-843A333CA162} -------------------------------------------------- 列举下载的程序文件： [Edit Class] InProcServer32 = C:\WINNT\system32\CMBEdit.dll CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab [BDC Control] InProcServer32 = C:\WINNT\DOWNLO~1\BDC.ocx CODEBASE = http://www.51zsf.net/BDC.cab [AxInputControl Class] InProcServer32 = C:\WINNT\DOWNLO~1\INPUTC~1.DLL CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab [VnetAnprIns Class] InProcServer32 = C:\WINNT\Downloaded Program Files\anprins.dll CODEBASE = http://plugin.chinavnet.com/VnetPluginIns.CAB [pcastup Class] InProcServer32 = C:\WINNT\Downloaded Program Files\vodupdate.dll CODEBASE = http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab [AxSubmitControl Class] InProcServer32 = C:\WINNT\DOWNLO~1\SUBMIT~1.DLL CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab [Update Class] InProcServer32 = C:\WINNT\system32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38455.2106828704 [Shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [pCastPanel Class] InProcServer32 = C:\Program Files\pcast\PodcastbarMini\pCastCtl.dll CODEBASE = http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab -------------------------------------------------- 列举 Winsock LSP 文件： NameSpace #1: C:\WINNT\system32\cdnns.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: No scripts set to run Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB1A2B.EXE\|\|C:\Program Files\FlashGet\UNWISE.EXE -------------------------------------------------- 列举 ShellServiceObjectDelayLoad 项目： Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- 报告完毕，共 7,270 字节报告生成用时：0.125秒 Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:

痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	发表于： 2006-02-21 22:43 \| 只看楼主短消息资料字号：小中大 5楼说了说着又中了。。都不知是怎么中了。。好烦啊。专家快来帮忙啊
痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:

痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:	发表于： 2006-02-21 22:45 \| 只看楼主短消息资料字号：小中大 6楼 HijackThis_zww汉化版扫描日志 V1.99.1 保存于 22:45:17 上午, 日期 2006-2-21 操作系统： Windows 2000 SP4 (WinNT 5.00.2195) 浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106) 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINNT\system32\nvsvc32.exe C:\Program Files\P4P\p2psvr.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\Explorer.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINNT\system32\internat.exe C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe C:\Program Files\Rising\Rav\rav.exe C:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\WINNT\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Tencent\QQ1\QQ.exe E:\Tencent\TIMPlatform.exe C:\Program Files\Rising\Rav\RsLogVw.exe C:\WINNT\system32\notepad.exe E:\HijackThis\HijackThis1991zww.exe R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\Program Files\P4P\ToolBar.dll R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINNT\system32\socul.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll (file missing) O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll O3 - IE工具栏增项: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O4 - 启动项HKLM\\Run: [RavScanBD] "C:\Program Files\rising\Rav\ScanBD.exe" /INST O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min O8 - IE右键菜单中的新增项目: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ1\AddToNetDisk.htm O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ1\AddPanel.htm O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ1\AddEmotion.htm O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ1\SendMMS.htm O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的按钮: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ1\QQIEHelper.dll O9 - 浏览器额外的按钮: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - 浏览器额外的“工具”菜单项: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll O11 - Options group: [CDNCLIENT] 中文上网 O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.51zsf.net/BDC.cab O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C741648C-0078-447E-A1F6-2C5F0CDD4270}: NameServer = 61.144.56.100,202.96.128.68 O20 - AppInit_DLLs: C:\WINNT\system32\SoDAHK.DLL O23 - NT 服务: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - NT 服务: Gray - Unknown owner - C:\WINNT\lasss.exe O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
痛恨刘麻子初生襁褓狮帖子:5 注册: 2006-02-21 来自:

精致油970427 叱咤花甲狮帖子:2924 注册: 2005-12-09 来自:	发表于： 2006-02-21 22:47 \| 短消息资料字号：小中大 7楼停止这项服务，把这个文件删除了，注意看准路径： O23 - NT 服务: Gray - Unknown owner - C:\WINNT\lasss.exe
精致油970427 叱咤花甲狮帖子:2924 注册: 2005-12-09 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT