Help: Backdoor.Gpigeon.foj

Infected. Could the brothers and sisters here please tell me how to kill it~!
Last edited 2006-08-21 19:59:45

Unknown-family virus analysis
Scan result:
C:\Program Files\Internet Explorer\IEXPLORE.EXE --> 71% similar to Backdoor.Gpigeon.


Active system processes
C:\KAV2005\KAVSTART.EXE
C:\KAV2005\MFC71.DLL
C:\KAV2005\MSVCR71.DLL
C:\KAV2005\MSVCP71.DLL
C:\KAV2005\MFC71CHS.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KAVIPC2.DLL
C:\KAV2005\KAVPASSP.DLL
C:\KAV2005\POPSPRT3.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL
C:\KAV2005\KASOCKET.DLL

C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YASSECBLK.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YMENUINFO.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YIEANGEL.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YASMENU.DLL
C:\KAV2005\KASOCKET.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\KAV2005\KPFW32.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KAVIPC2.DLL
C:\KAV2005\KACONFIG.DLL
C:\KAV2005\FILTLIST.DLL
C:\KAV2005\KAVPASSP.DLL
C:\KAV2005\KASOCKET.DLL
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\KAV2005\KAEPLAT.DLL
C:\KAV2005\KAEMEM.DAT
C:\KAV2005\KASCRIPT.DLL

C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\KAV2005\KWATCH.EXE
C:\KAV2005\KAVIPC2.DLL
C:\KAV2005\KAEPLAT.DLL
C:\KAV2005\KAEMEM.DAT

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KASOCKET.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\3721\ALREX.DLL
C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
D:\PROGRA~1\FLASHGET\JCCATCH.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL

C:\KAV2005\KMAILMON.EXE
C:\KAV2005\KANTISPM.DLL
C:\KAV2005\MSVCR71.DLL
C:\KAV2005\KAVIPC2.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KAECALL2.DLL
C:\KAV2005\KAEPLAT.DLL
C:\KAV2005\KAEMEM.DAT
C:\KAV2005\KACONFIG.DLL
C:\KAV2005\KASOCKET.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\KAV2005\KPFWSVC.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

D:\EDIFIER.EASYVOL.VER1.01\EASYVOL.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRA~1\3721\HELPER.DLL

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
D:\DOWNLOADS\瑞星工具\RSDETECT.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KASOCKET.DLL

D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
D:\PROGRAM FILES\TENCENT\QQ\QQBASECLASSINDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQHELPERDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\BASICCTRLDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KASOCKET.DLL
D:\PROGRAM FILES\TENCENT\QQ\RICHED32.DLL
D:\PROGRAM FILES\TENCENT\QQ\RICHED20.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQAPI.DLL
D:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL
D:\PROGRAM FILES\TENCENT\QQ\LOGINCTRL.DLL
D:\PROGRAM FILES\TENCENT\QQ\NPKCNTC.DLL
D:\PROGRAM FILES\TENCENT\QQ\NPKPDB.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQRES.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQMAINFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ\CQQAPPLICATION.DLL
D:\PROGRAM FILES\TENCENT\QQ\NEWSKIN.DLL
D:\PROGRAM FILES\TENCENT\QQ\HOSTINGMGR.DLL
D:\PROGRAM FILES\TENCENT\QQ\CAMERADLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\MAILSUMMARY.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQSPACE.DLL
D:\PROGRAM FILES\TENCENT\QQ\VBSCRIPT.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQGROUPMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQCONFIGPLUGIN.DLL
D:\PROGRAM FILES\TENCENT\QQ\USERDEFINEDHEAD.DLL
D:\PROGRAM FILES\TENCENT\QQ\QRINGMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\PHONEAPI.DLL
D:\PROGRAM FILES\TENCENT\QQ\DIALERALLINONE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\TENCENT\QQ\QQAVATAR.DLL
D:\PROGRAM FILES\TENCENT\QQ\FLASHAVATARDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPLUGIN.DLL
D:\PROGRAM FILES\TENCENT\QQ\GDIPLUS.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQALLINONE.DLL
D:\PROGRAM FILES\TENCENT\QQ\SCCORE.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQADDR.DLL
D:\PROGRAM FILES\TENCENT\QQ\LONGCONNECTION.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPET.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQSYSMSGMNG.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
D:\PROGRAM FILES\TENCENT\QQ\BQQAPPLICATION.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\3721\SCRBLOCK.DLL
C:\PROGRA~1\3721\ALREX.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\WINDOWS\DOWNLO~1\CNSHINT.DLL
C:\KAV2005\KASOCKET.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL
C:\WINDOWS\DOWNLO~1\CNSPLUS.DLL
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASWIPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASIESEC.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASNOAD.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YZSNETPROTO.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YANGLING.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YSCRBLOCK.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
D:\PROGRA~1\FLASHGET\JCCATCH.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\KAV2005\KASCRIPT.DLL
C:\KAV2005\KAEPLAT.DLL
C:\KAV2005\KAEMEM.DAT
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASSIST.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8A.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KASOCKET.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL

D:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\KAV2005\KASOCKET.DLL
D:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL


Standard autostart entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Edifier.EasyVOL = D:\EDIFIER.EASYVOL.VER1.01\EASYVOL.EXE
KavStart = "C:\KAV2005\KAVSTART.EXE" -STARTUP
helper.dll = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\PROGRA~1\3721\HELPER.DLL,RUNDLL32
TVTray = (NULL)
yassistse = "C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KavPFW = "C:\KAV2005\KPFW32.EXE"
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


System file associations
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

Other startup entries
WIN.INI
No entries

SYSTEM.INI
SHELL = Explorer.exe


Winlogon startup entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0E674588-66B7-4E19-9D0E-2053B800F69F} = NULL
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} = NULL
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
{38928D50-8A48-44C2-945F-D2F23F771410} = C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = D:\Program Files\Tencent\QQ\QQIEHelper.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
{A5366673-E8CA-11D3-9CD9-0090271D075B} = D:\PROGRA~1\FLASHGET\jccatch.dll
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:\WINDOWS\downlo~1\CnsHook.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5220EC7F-5E21-4828-8810-ADFC5625FE81}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5220EC7F-5E21-4828-8810-ADFC5625FE81}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADDB4CC5-2E75-4DE8-89CC-2AE9A1003790}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{ADDB4CC5-2E75-4DE8-89CC-2AE9A1003790}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0811D36-63C0-4EE1-B4AB-EE061004CE22}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0811D36-63C0-4EE1-B4AB-EE061004CE22}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{73793FEE-EACF-4EDA-95E5-FAAAF51A38BA}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{73793FEE-EACF-4EDA-95E5-FAAAF51A38BA}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C1C4744-EFB2-40F0-8E7B-12A8768EDC59}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C1C4744-EFB2-40F0-8E7B-12A8768EDC59}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C6C57685-EA13-4E32-8577-22BFED02BB67}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C6C57685-EA13-4E32-8577-22BFED02BB67}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

System services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
C-DillaCdaC11BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
KPfwSvc = "C:\KAV2005\KPFWSVC.EXE"
KWatchSvc = C:\KAV2005\KWATCH.EXE
LanmanServer = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{247601DD-C1C0-4172-ACB1-75B1002CEAB6}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
windows = C:\WINDOWS\DENGDAI.DLL
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


File-system drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


System drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
0 = C:\WINDOWS\SYSTEM32\DRIVERS\78796.SYS
2965703 = C:\WINDOWS\SYSTEM32\DRIVERS\2965703.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
Cap7134 = C:\WINDOWS\SYSTEM32\DRIVERS\CAP7134.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
CdaC15BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
dtscsi = C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
Envy24HFS = C:\WINDOWS\SYSTEM32\DRIVERS\ENVY24HF.SYS
EnvySens = C:\WINDOWS\SYSTEM32\DRIVERS\ENVYSENS.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
GPKiller = C:\WINDOWS\SYSTEM32\DRIVERS\GPKILLER.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
KNetWch = C:\KAV2005\KNETWCH.SYS
KWatch3 = C:\WINDOWS\SYSTEM32\DRIVERS\KWATCH3.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
npkcrypt = D:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
nvata = C:\WINDOWS\SYSTEM32\DRIVERS\NVATA.SYS
NVENETFD = C:\WINDOWS\SYSTEM32\DRIVERS\NVENETFD.SYS
nvnetbus = C:\WINDOWS\SYSTEM32\DRIVERS\NVNETBUS.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PhTVTune = C:\WINDOWS\SYSTEM32\DRIVERS\PHTVTUNE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
R2A = C:\WINDOWS\SYSTEM32A2.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
Sense3 = C:\WINDOWS\SYSTEM32\DRIVERS\SENSE3.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
vcddev = C:\WINDOWS\SYSTEM32\DRIVERS\VCDVNIC.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
ZSMC301b = C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS

Above is the scan output from Rising's 听诊器 (Stethoscope) tool.

Logfile of HijackThis v1.99.1
Scan saved at 18:58:38, on 2006-8-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\KAV2005\KPfwSvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Edifier.EasyVol.ver1.01\EasyVOL.exe
C:\KAV2005\KAVStart.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KPFW32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2005\KMailMon.EXE
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\foobar播放器\foobar2000v0.8.3\foobar2000\foobar2000\foobar2000.exe
D:\Downloads\TheWorldFull\TheWorld.exe
D:\Downloads\瑞星工具\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - (no file)
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [Edifier.EasyVOL] D:\Edifier.EasyVol.ver1.01\EasyVOL.exe
O4 - HKLM\..\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KPFW32.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6C57685-EA13-4E32-8577-22BFED02BB67}: NameServer = 202.101.172.46 202.101.172.47
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: windows - Kaspersky Lab - C:\WINDOWS\dengdai.dll

Just ran a scan; big brother, please take a look.

Thanks! Let me try it first.

Pigeon.. Safe Mode... open the Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
search for windows and delete it..
Is it "windows" that should be deleted? It doesn't seem to be there?
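
The two logs posted above point at the same entry: the Rising dump lists `windows = C:\WINDOWS\DENGDAI.DLL` under HKLM\SYSTEM\CurrentControlSet\Services, and HijackThis shows it as `O23 - Service: windows - Kaspersky Lab - C:\WINDOWS\dengdai.dll` on a machine whose installed AV is Kingsoft (KAV2005). The driver list also carries two entries with purely numeric names (`0` pointing at 78796.SYS, and `2965703`). The Python script below is an added example, not part of this thread and not code from Rising or HijackThis; it applies, over lines copied from those logs, the checks a responder would otherwise run by eye, and prints the registry key to export and inspect before deleting anything. The heuristics (a bare DLL as ImagePath, a service named after the OS, numeric names, a file at the root of %SystemRoot%, and distrust of the version-info vendor string) are the editor's own and are not exhaustive: GPKILLER.SYS, for instance, is not flagged.

```python
"""Triage service/driver entries from a Rising 听诊器 dump or HijackThis O23 lines.

Added example for this thread, not part of the original posts or of either tool.
Sample lines are copied from the logs above; the heuristics are the editor's own.
"""
import re
from pathlib import PureWindowsPath

# Copied from the "System services" block of the Rising dump above.
RISING_SERVICES = [
    r"Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE",
    r"DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH",
    r'KPfwSvc = "C:\KAV2005\KPFWSVC.EXE"',
    r"windows = C:\WINDOWS\DENGDAI.DLL",
]
# Copied from the "System drivers" block of the Rising dump above.
RISING_DRIVERS = [
    r"0 = C:\WINDOWS\SYSTEM32\DRIVERS\78796.SYS",
    r"2965703 = C:\WINDOWS\SYSTEM32\DRIVERS\2965703.SYS",
    r"ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS",
    r"GPKiller = C:\WINDOWS\SYSTEM32\DRIVERS\GPKILLER.SYS",
    r"KNetWch = C:\KAV2005\KNETWCH.SYS",
]
# Copied from the first HijackThis log above.
HJT_O23 = [
    r"O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE",
    r"O23 - Service: windows - Kaspersky Lab - C:\WINDOWS\dengdai.dll",
]

# No genuine Windows service is registered under a bare OS-sounding name such as "windows".
DECOY_NAMES = {"windows", "system", "microsoft", "svchost", "explorer"}
# A DLL only becomes a service body when one of these executables hosts it.
DLL_HOSTS = {"svchost", "svchost.exe", "rundll32.exe", "dllhost.exe"}

ENTRY_RE = re.compile(r"^\s*(?P<name>[^=]+?)\s*=\s*(?P<image>.+?)\s*$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<image>.+)$")


def parse_rising(line):
    """'Name = ImagePath' -> (name, image, None); None if the line is not an entry."""
    m = ENTRY_RE.match(line)
    return (m.group("name"), m.group("image"), None) if m else None


def parse_o23(line):
    """HijackThis O23 line -> (name, image, vendor); None for any other HJT line."""
    m = O23_RE.match(line)
    return (m.group("name"), m.group("image"), m.group("vendor")) if m else None


def image_file(image):
    """Strip quotes and host arguments ('SVCHOST -K NETSVCS', 'DLLHOST /PROCESSID:...')."""
    image = image.strip().strip('"')
    for sep in (" -", " /"):
        image = image.split(sep, 1)[0]
    return image.strip().strip('"')


def suspicion(name, image, vendor=None, kind="service"):
    """Return the reasons an entry deserves a look; an empty list means nothing odd."""
    reasons = []
    path = PureWindowsPath(image_file(image))
    parts = [p.lower() for p in path.parts]
    if kind == "service" and path.suffix.lower() == ".dll" and path.name.lower() not in DLL_HOSTS:
        reasons.append("ImagePath is a bare DLL; Windows only hosts DLL services through svchost")
    if name.strip().lower() in DECOY_NAMES:
        reasons.append("service name mimics the operating system")
    if name.strip().isdigit() or path.stem.isdigit():
        reasons.append("name or file name is purely numeric")
    if len(parts) == 3 and parts[1] == "windows":  # e.g. C:\WINDOWS\dengdai.dll
        reasons.append("file sits directly in %SystemRoot% instead of system32 or drivers")
    if vendor and reasons:
        # The company string is read from the file's own version resource, so the attacker wrote it.
        reasons.append(f"version-info vendor '{vendor}' is attacker-controlled; do not trust it")
    return reasons


def registry_key(name):
    """The key a responder exports and inspects before removing the entry in Safe Mode."""
    return r"HKLM\SYSTEM\CurrentControlSet\Services" + "\\" + name.strip()


def triage(lines, parser, kind="service"):
    """Run the heuristics over log lines; returns {name: reasons} for flagged entries only."""
    hits = {}
    for line in lines:
        parsed = parser(line)
        if parsed is None:
            continue
        name, image, vendor = parsed
        reasons = suspicion(name, image, vendor, kind)
        if reasons:
            hits[name] = reasons
    return hits


if __name__ == "__main__":
    for label, lines, parser, kind in (("services", RISING_SERVICES, parse_rising, "service"),
                                       ("drivers", RISING_DRIVERS, parse_rising, "driver"),
                                       ("HijackThis O23", HJT_O23, parse_o23, "service")):
        for name, reasons in triage(lines, parser, kind).items():
            print(f"[{label}] {name} -> {registry_key(name)}")
            for r in reasons:
                print(f"    - {r}")
```

Run it on a full dump pasted into the three lists and it reports only the entries worth a look, each with the Services subkey to open; export that key with regedit before deleting it, and re-run the triage on a fresh dump after the reboot to confirm the entry is gone, which is what the second HijackThis log further down in this thread shows for the `windows` service.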
Current log: please check whether anything else still needs changing
Logfile of HijackThis v1.99.1
Scan saved at 19:54:30, on 2006-8-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\KAV2005\KPfwSvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Edifier.EasyVol.ver1.01\EasyVOL.exe
C:\KAV2005\KAVStart.exe
C:\KAV2005\KPFW32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2005\KMailMon.EXE
D:\Downloads\TheWorldFull\TheWorld.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\foobar播放器\foobar2000v0.8.3\foobar2000\foobar2000\foobar2000.exe
D:\Downloads\瑞星工具\HijackThis.exe

O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [Edifier.EasyVOL] D:\Edifier.EasyVol.ver1.01\EasyVOL.exe
O4 - HKLM\..\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KPFW32.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6C57685-EA13-4E32-8577-22BFED02BB67}: NameServer = 202.101.172.46 202.101.172.47
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
