How do I remove these two viruses, Infostealer.JiangHu and Downloader?

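For the first virus, Norton shows that the file rxxx.dll under system32 is infected, but no matter what I do it cannot be removed. I have already scanned in safe mode, but after a reboot it comes back.

The second virus is just some infected temp files.

What should I do, what should I do???
Last edited 2006-10-04 23:18:51.030000000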

I checked the processes with 360. Could an expert please take a look?
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2006-09-30  23:37:41
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:503MB - 当前可用内存:183MB

100 - 未知 - Process: Smc.exe [Sygate Agent Firewall] - "C:\Program Files\Sygate\SSA\smc.exe"
100 - 未知 - Process: acautoreg.exe [ActivCard Gold - New Card Registration] - "C:\Program Files\Common Files\ActivCard\acautoreg.exe"
100 - 未知 - Process: accoca.exe [ActivCard Cache Server] - "C:\Program Files\Common Files\ActivCard\accoca.exe"
100 - 未知 - Process: syg_hp.exe [syg_hp] - C:\PROGRA~1\sygate\ssa\syg_hp.exe
100 - 高危险 - Process: SVCH0ST.exe [怀疑为恶意程序或病毒,请使用杀毒软件进行查杀。] - C:\WINDOWS\system32\SVCH0ST.exe
100 - 未知 - Process: radexecd.exe [radexecd] - "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe"
100 - 未知 - Process: radsched.exe [radsched] - "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe"
100 - 未知 - Process: Radstgms.exe [radstgms] - "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe"
100 - 未知 - Process: winlogon.exe [Generic Hosts for WinService] - c:\windows\system32\wbem\winlogon.exe
100 - 未知 - Process: DrgToDsc.exe [Drag To Disc Application] - "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
100 - 未知 - Process: agquickp.exe [ActivCard Gold Quick Fill] - "C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe"
100 - 未知 - Process: Ida.exe [Intelligent Desktop Assistant (IDA)] - "C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
100 - 未知 - Process: HP Wireless Assistant.exe [hp Wireless Assistant Module] - "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
100 - 未知 - Process: CheckTool.exe [360Tools Microsoft 基础类应用程序] - "C:\DOCUME~1\jiangxin\LOCALS~1\Temp\Rar$EX00.397\CheckTool.exe"
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.google.com/
R1 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://seek.3721.com/srchasst.htm
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://seek.3721.com/srchasst.htm
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.google.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.google.com/
O1 - 未知 - Host: 127.0.0.1 www.ccnnic.com
O1 - 未知 - Host: 127.0.0.1 www.edmchina.com
O1 - 未知 - Host: 127.0.0.1 www.bodoto.com
O1 - 未知 - Host: 127.0.0.1 bj.bodoto.com
O1 - 未知 - Host: 127.0.0.1 nb.bodoto.com
O1 - 未知 - Host: 127.0.0.1 hangzhou.bodoto.com
O1 - 未知 - Host: 127.0.0.1 sx.bodoto.com
O1 - 未知 - Host: 127.0.0.1 jh.bodoto.com
O1 - 未知 - Host: 127.0.0.1 www.bodoto.com.cn
O1 - 未知 - Host: 127.0.0.1 www.bodoto.cn
O1 - 未知 - Host: 127.0.0.1 www.bodoto.net
O1 - 未知 - Host: 127.0.0.1 www.pvka.com
O1 - 未知 - Host: 127.0.0.1 www.pvka.cn
O1 - 未知 - Host: 127.0.0.1 www.pvka.net
O1 - 未知 - Host: 127.0.0.1 www.qqbao.net
O1 - 未知 - Host: 127.0.0.1 www.ccnnlc.com
O1 - 未知 - Host: 127.0.0.1 shangh.bodoto.com
O1 - 未知 - Host: 127.0.0.1 my.bodoto.com
O1 - 未知 - Host: 127.0.0.1 mail.bodoto.com
O1 - 未知 - Host: 127.0.0.1 www.bodoto.net.cn
O1 - 未知 - Host: 127.0.0.1 www.bodoto.org
O1 - 未知 - Host: 127.0.0.1 www.edmchina.net
O1 - 未知 - Host: 127.0.0.1 www.edmchina.cn
O1 - 未知 - Host: 127.0.0.1 www.edmchina.com.cn
O1 - 未知 - Host: 127.0.0.1 ad.edmchina.com
O1 - 未知 - Host: 127.0.0.1 agent.edmchina.com
O1 - 未知 - Host: 127.0.0.1 sales.edmchina.com
O1 - 未知 - Host: 127.0.0.1 mail.edmchina.com
O1 - 未知 - Host: 127.0.0.1 edmchina.com
O1 - 未知 - Host: 127.0.0.1 edmchina.net
O1 - 未知 - Host: 127.0.0.1 edmchina.cn
O1 - 未知 - Host: 127.0.0.1 edmchina.com.cn
O1 - 未知 - Host: 127.0.0.1 www.pk265.com
O1 - 未知 - Host: 127.0.0.1 pk265.com
O1 - 未知 - Host: 127.0.0.1 www.qqbao.com
O1 - 未知 - Host: 127.0.0.1 www.qqbao.cn
O1 - 未知 - Host: 127.0.0.1 www.qqbao.com.cn
O1 - 未知 - Host: 127.0.0.1 qqbao.com
O1 - 未知 - Host: 127.0.0.1 qqbao.cn
O1 - 未知 - Host: 127.0.0.1 qqbao.com.cn
O1 - 未知 - Host: 127.0.0.1 ad.pvka.com
O1 - 未知 - Host: 127.0.0.1 da.pvka.com
O1 - 未知 - Host: 127.0.0.1 www.20060106.com
O1 - 未知 - Host: 127.0.0.1 20060106.com
O1 - 未知 - Host: 127.0.0.1 www.huajundown.com
O1 - 未知 - Host: 127.0.0.1 www.huajundown.net
O1 - 未知 - Host: 127.0.0.1 huajundown.net
O2 - 中危险 - BHO: (CIEHelper Object) - [] - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O2 - 低危险 - BHO: (CnsHook Class) - [网络实名] - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - 未知 - HKLM\..\Run: [RoxioEngineUtility] [Roxio Engine Compatibility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - 未知 - HKLM\..\Run: [RoxioDragToDisc] [Drag To Disc Application] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - 未知 - HKLM\..\Run: [QuickPassword] [ActivCard Gold Quick Fill] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - 未知 - HKLM\..\Run: [SmcService] [] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - 未知 - HKLM\..\Run: [CJIMETIPSYNC] [New Changjie IME Property dialog] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - 未知 - HKLM\..\Run: [IDA] [Intelligent Desktop Assistant (IDA)] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - 未知 - HKLM\..\Run: [hpWirelessAssistant] [hp Wireless Assistant Module] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - 未知 - HKLM\..\Run: [IMJPMIG9.0] [] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - 未知 - HKLM\..\Run: [imekrmig7.0] [Microsoft IME 2003] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - 未知 - HKLM\..\Run: [Galaxy] [] rundll32.exe C:\WINDOWS\system32\ppgaxea.dll,Su
O4 - 未知 - HKLM\..\Run: [Power] [Alxr Module] rundll32.exe C:\WINDOWS\system32\alxklt.dll,Start
O4 - 未知 - HKLM\..\Run: [popBlockHlp] [] rundll32.exe C:\WINDOWS\system32\wbem\wmipop.dll,_S1
O4 - 高危险 - HKCU\..\Run: [rx] [疑为恶意程序或病毒。] C:\WINDOWS\system32\longshao.exe
O4 - 未知 - HKCU\..\Run: [wow] [] C:\WINDOWS\system32\kvess.exe
O4 - 未知 - HKCU\..\Run: [zz] [] C:\WINDOWS\system32\lsrx.exe
O6 - 未知 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
O9 - 未知 - Extra button: Yahoo 1G mail(HKLM)
O9 - 未知 - Extra button: E bazar(HKLM)
O9 - 未知 - Extra button: Yahoo Assistant(HKLM)
O9 - 未知 - Extra button: (HKLM)
O9 - 未知 - Extra button: Instant Messenger(HKLM)
O9 - 未知 - Extra button: Repair Browser(HKLM)
O9 - 未知 - Extra button: Clean Internet access record(HKLM)
O11 - 未知 - Options Group: Chinese keywords
O14 - 未知 - IERESET.INF: START_PAGE_URL="about:blank"
O14 - 未知 - IERESET.INF: MS_START_PAGE_URL="about:blank"
O15 - 未知 - Trusted Zone: http:compaq.com
O15 - 未知 - Trusted Zone: https:compaq.com
O15 - 未知 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - 未知 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - 未知 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - 未知 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - 未知 - Trusted Zone: *.cpqcorp.net
O15 - 未知 - Trusted Zone: https:dcu.org
O15 - 未知 - Trusted Zone: http:dcu.org
O15 - 未知 - Trusted Zone: http:dec.com
O16 - 未知 - DPF: {00000010-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms10) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall10.cab

The virus is still there. Are there any experts???

Bump

Logfile of HijackThis v1.99.1
Scan saved at 21:20:27, on 2006-10-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\sygate\ssa\syg_hp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SVCH0ST.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\windows\system32\wbem\winlogon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\SMSS.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\jiangxin\Local Settings\Temp\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll (file missing)
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=about:blank
O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: *.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://*.dec.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: http://*.hpe-learning.com
O15 - Trusted Zone: *.hpqcorp.net
O15 - Trusted Zone: *.hpshopping.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://*.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {00000010-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms10 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall10.cab
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://15.136.213.190/TDBIN/Spider80.ocx
O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://weiwei1225.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asiapacific.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = asiapacific.hpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{14DC9CB8-578B-4700-89CB-FAD69F43E452}: NameServer = 10.100.0.3 202.96.209.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asiapacific.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ASIAPACIFIC.cpqcorp.net,ASIAPACIFIC.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{14DC9CB8-578B-4700-89CB-FAD69F43E452}: NameServer = 10.100.0.3 202.96.209.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ASIAPACIFIC.cpqcorp.net,ASIAPACIFIC.hpqcorp.net,hpqcorp.net,cpqcorp.net
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Experts, please come quickly!!!

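I used Super Rabbit (超级兔子) and found that two programs still cannot be removed. Could everyone please give me some advice?
IECWM
Yahoo Assistant (雅虎助手)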

DING

Bump again