瑞星卡卡安全论坛
网络→游离子 - 2005-12-4 21:49:00
卡卡的一个群 欢迎大家加入1641866
ncqd - 2005-12-5 15:34:00
请专家帮我看看,谢谢!!!
HijackThis_815汉化版扫描日志 V1.99.1
保存于 15:29:15, 日期 2005-12-5
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
F:\MagicSet\SRIECLI.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\HijackThis1991zww.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - f:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\MagicSet\HaokanBar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - F:\Kingsoft\FastAIT 2005\IEBand.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\MagicSet\HaokanBar.dll
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RemoteControl] ; f:\PowerDVD\PDVDServ.exe
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] F:\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] F:\MagicSet\SRIECLI.EXE /LOAD
O4 - Startup: 腾讯QQ.lnk = F:\Tencent\QQ\QQ.exe
O4 - Global Startup: VIP.lnk = ?SystemRoot%\Installer\{37C629F7-E196-4AE4-9547-30BA6E99AAEF}\_49442e40.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - F:\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - F:\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的“工具”菜单项: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的“工具”菜单项: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的“工具”菜单项: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - f:\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - f:\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A17CF9E9-96B2-4E33-A0C5-3F9F5B4C6925}: NameServer = 202.100.128.68 202.100.128.102
O23 - NT 服务: Microsoft WebServer - Unknown owner - C:\WINDOWS\Microsoft WebServer.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
baohe - 2005-12-5 15:41:00
【回复“ncqd”的帖子】
O23 - NT 服务: Microsoft WebServer - Unknown owner - C:\WINDOWS\Microsoft WebServer.exe
如果杀软报灰鸽子,那就是这个了。
ncqd - 2005-12-5 17:05:00
baohe版主:谢谢您,杀软报的是
backdoor.gpigeon.rw 手动扫描 iexplore.exe>>c:program files\interner explorer\iexplore.exe
不知道是不是,也不知道该怎么处理,请您具体说一下吧,谢谢!!!
影子110 - 2005-12-5 18:25:00
| 引用: |
【ncqd的贴子】baohe版主:谢谢您,杀软报的是
backdoor.gpigeon.rw 手动扫描 iexplore.exe>>c:program files\interner explorer\iexplore.exe
不知道是不是,也不知道该怎么处理,请您具体说一下吧,谢谢!!!
........................... |
如果是对付这只鸽子
可以考虑这样试下看看~
关闭IE等 不必要的程序
清空临时文件夹
IE》属性》删除文件(包括脱机文件)》确定
开始 》 运行 》输入 Regedit.exe 》确定
打开注册表编辑器,定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \
SERVICES分支,删除左栏中的病毒服务名 Microsoft WebServer
重启系统,
打开 我的电脑》工具》文件夹选项》查看》显示所有文件,不隐藏受保护的操作系统文件》确定
我的电脑》工具》文件夹选项》查看》去掉“隐藏已知文件类型的扩展名”前的勾
查找并删除以下文件
C:\WINDOWS\Microsoft WebServer.exe
及该文件夹下以Microsoft WebServer为文件名的DLL文件
如Microsoft WebServer.dll
Microsoft WebServer_hook.dll
Microsoft WebServerkey.dll
然后再盘查杀下~~~
神州六号 - 2005-12-6 16:33:00
该用户帖子内容已被屏蔽
ncqd - 2005-12-7 11:42:00
| 引用: |
【影子110的贴子】
如果是对付这只鸽子
可以考虑这样试下看看~
关闭IE等 不必要的程序
清空临时文件夹
IE》属性》删除文件(包括脱机文件)》确定
开始 》 运行 》输入 Regedit.exe 》确定
打开注册表编辑器,定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \
SERVICES分支,删除左栏中的病毒服务名 Microsoft WebServer
重启系统,
打开 我的电脑》工具》文件夹选项》查看》显示所有文件,不隐藏受保护的操作系统文件》确定
我的电脑》工具》文件夹选项》查看》去掉“隐藏已知文件类型的扩展名”前的勾
查找并删除以下文件
C:\WINDOWS\Microsoft WebServer.exe
及该文件夹下以Microsoft WebServer为文件名的DLL文件
如Microsoft WebServer.dll
Microsoft WebServer_hook.dll
Microsoft WebServerkey.dll
然后再盘查杀下~~~
........................... |
版主您好:请问在删除文件C:\WINDOWS\Microsoft WebServer.exe时,电脑提示“此文件是系统文件,如果删除,您的计算机或某个程序可能无法正常工作”还要删除它吗?如果真删除了会不会有什么影响?谢谢!!!
freemyheart - 2005-12-7 17:39:00
用瑞星每次都能查到iexplore.exe中含有Backdoor.Gpigeon.smd病毒,每次都是清除成功.怎么办???求助高人指点……
蜡笔小忻 - 2005-12-7 21:50:00
楼主你好,我的机子瑞星说是中了灰鸽子木马了,每次重启防火墙都提示内存中有该木马
“详细内容2005-12-07 18:59:55, IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.GPigeon.pd”
但是我用hijackthis扫描后找不到所谓的服务端,如下:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 18:27:43, 日期 2005-12-7
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe
C:\WINDOWS\system32\wuauclt.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\HFGameOPT\GameClient.exe
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bbsky.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118658810953
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://211.152.52.102/duba/antitrojan/update/OCX/KATScan.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{948E69A5-27F6-435D-BC76-B8ED7C957CAB}: NameServer = 202.103.24.68
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: WindowsUpdate - Unknown owner - C:\Program Files\WindowsUpdate\WinUp.exe
各位能帮我看看机子出啥毛病没?
我照着别的论坛上的手动删除的方法试过了,在windows下的一个文件夹里(具体是哪个忘记了)找到一个mag_hook.dll文件,但是它的mag.exe和magkey.exe没有找到 我又在注册表中删掉了含有mag_hook.dll magkey.dll的那个注册表项
但奇怪的是那个注册表项不在services里,重启电脑后还是一直提示有木马!
真是晕死鸟
请楼主大哥帮帮忙,小弟在此先谢谢了
影子110 - 2005-12-7 23:39:00
| 引用: |
【ncqd的贴子】
版主您好:请问在删除文件C:\WINDOWS\Microsoft WebServer.exe时,电脑提示“此文件是系统文件,如果删除,您的计算机或某个程序可能无法正常工作”还要删除它吗?如果真删除了会不会有什么影响?谢谢!!!
........................... |
可以删除的~
如果实在担心,可以把这几个病毒文件放入一个文件夹内打包(压缩)
然后再删除,如果删除后出现什么问题,还可以再恢复~~ 但,它确实是个木马,,应该没事的!
另,你有没有按照上面帖子里的操作步骤做?如关闭IE, 清除病毒的注册表项,等等~~~
jackli2002 - 2005-12-8 0:55:00
楼主,你好。
请帮我看看,每次重启都有Backdoor.Gpigeon.sgx
怎么才能杀干净啊?
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 0:34:43, 日期 2005-12-8
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Rising\Rav\Rav.exe
D:\Program Files\BitComet\BitComet.exe
d:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\安装程序\HijackThis1991zww汉化版\HijackThis1991zww.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - IE工具栏增项: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - 启动项HKLM\\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - 启动项HKLM\\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "c:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [MINI_BFYY] C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
O4 - 启动项HKLM\\Run: [AddrPlus2] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - IE右键菜单中的新增项目: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - 浏览器额外的“工具”菜单项: IBM Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: TOL24 - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} - http://www.TOL24.com (file missing)
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的按钮: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O11 - Options group: [TBH] QQ地址栏搜索插件
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127493294796
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - NT 服务: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - NT 服务: MazeServer - Unknown owner - d:\Program Files\Maze\MazeSvr.exe
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - NT 服务: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - NT 服务: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - NT 服务: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - NT 服务: winsServer (winServer) - Unknown owner - C:\WINDOWS\wins.exe
O23 - NT 服务: 我嗳罗 - Unknown owner - (no file)
lanyue - 2005-12-9 20:24:00
该用户帖子内容已被屏蔽
baohe - 2005-12-9 20:31:00
【回复“蜡笔小忻”的帖子】
O23 - NT 服务: WindowsUpdate - Unknown owner - C:\Program Files\WindowsUpdate\WinUp.exe
鸽子
██猪██ - 2005-12-9 20:45:00
最近上网总卡`帮看看
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 17:26:03 ██忍██, 日期 2005-12-9
操作系统: Windows XP (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2600.0000)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\rising\Rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\rising\Rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
D:\李海强\SOFTWARE\软件安装\杀毒软件\HijackThis1991汉化版\HijackThis1991zww.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\李海强\SOFTWARE\软件安装\网络软件\KuGoo2\KuGoo3DownXControl.ocx
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [MINI_BFYY] ; C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\李海强\SOFTWARE\软件安装\网络软件\KuGoo2\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\李詈海G强縗\OTHER\Fantasia\players\MidRadio\MidRadio.ocx
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - C:\WINDOWS\System32\DLMain.dll
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
蝎子便便 - 2005-12-10 22:07:00
谁知道老用户什么时间能升级到2006版。
apple888 - 2005-12-11 0:28:00
版主帮忙看看,我的杀毒软件最近一直发现有Backdoor.GPigeon.pd病毒,清除成功后第二天又有.请帮忙分析如何查杀,谢谢了!
Logfile of HijackThis v1.99.1
Scan saved at 23:43:17, on 2005-12-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\SAND\qqfacerclient.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\System32\Winlogo.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\My Documents\超级特工\GLSSPY-WJJ.exe
C:\PROGRA~1\RISING\RAV\Rav.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX02.136\HijackThis.exe
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] ; C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT] 中文上网
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://brblue.org/dating1/web.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://211.152.52.102/duba/antitrojan/update/OCX/KATScan.CAB
O16 - DPF: {DE3496D2-AFB9-47EB-A8C2-C3B330222513} (PhotoUpload Control) - http://www.photo.163.com/PhotoUpload.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{095E2475-8935-4C75-BB59-0DD4B6B0344A}: NameServer = 202.96.128.166 202.96.128.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{095E2475-8935-4C75-BB59-0DD4B6B0344A}: NameServer = 202.96.128.166 202.96.128.86
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: DCOM Server Process Launchers - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: QQFace - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Winlogo - Unknown owner - C:\WINDOWS\System32\Winlogo.EXE
求救啊大哥 - 2005-12-11 4:48:00
大哥帮我看看啊,我是白痴电脑盲,中了2次昏迷.谢谢帮我一定看看啊
附件:
6351132005121144833.jpg
求救啊大哥 - 2005-12-11 4:50:00
文宁 - 2005-12-11 12:00:00
谢谢提供~~
转帖中~
baohe - 2005-12-11 16:39:00
【回复“apple888”的帖子】
O23 - Service: DCOM Server Process Launchers - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Winlogo - Unknown owner - C:\WINDOWS\System32\Winlogo.EXE
gui - 2005-12-11 18:22:00
为什么瑞星不在自己的产品里加入类似的东西啊!为何那么麻烦买正版软件图的就是方便啊!再说有几个人像楼主一样精通电脑!
西北老狼 - 2005-12-12 18:30:00
先收下再说
ancient小若 - 2005-12-12 18:52:00
请教斑竹,为什么我每次开机在显示屏的右下角都会出现“发现winl.exe>>C:\winl.exe->Backdoor.RCMD.c 病毒已清除”,是不是我的系统里有病毒了啊?我该如何?敬请指教!多谢了!
蜡笔小忻 - 2005-12-12 21:02:00
谢谢楼主
鸽子已经杀掉了
我也把那个SSM装了
但是每次开机都有提示说:“SSM会话没有完成”但我已经按帖子首页的设置选了,只是在“常规”选项中新版本有点不一样
请问是什么意思啊?
装的是官方多国语言版
一簔烟雨 - 2005-12-13 15:13:00
偶是菜鸟,看不懂日志,请版主帮忙看看,有问题没有。谢谢!!
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 15:06:26, 日期 2005-12-13
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Unable to get Internet Explorer version!
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\KV2005\KVSrvXP.exe
C:\Program Files\KV2005\kvwsc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\KV2005\KVMonXP.kxp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\System Safety Monitor\SysSafe.exe
C:\Program Files\KV2005\TrojDie.kxp
C:\Program Files\KV2005\KRegEx.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\taskmgr.exe
E:\TTPlayer\TTPlayer\TTPlayer.exe
E:\Program Files\Tencent\qq\QQ.exe
E:\maxthoncn\Maxthon.exe
G:\木马杀客\冰刃\HijackThis1[1].99.1\HijackThis1991zww.exe
O1 - Hosts: 202.108.22.119 www.hao123.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 202.105.31.72 www.qqreport.com
O1 - Hosts: 220.201.193.5 www.cnhacks.com
O1 - Hosts: 211.97.168.175 ruyi.onlinedown.net
O1 - Hosts: 210.52.216.215 bbs.1098.com.cn
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 222.208.168.135 www.qsch.net
O1 - Hosts: 209.120.239.16 www.tt6y.com
O1 - Hosts: 205.209.156.226 bbs.morok.net
O1 - Hosts: 65.54.153.254 spaces.msn.com
O1 - Hosts: 64.66.163.251 bbs1.sejie.com
O1 - Hosts: 219.153.14.16 zykj.yao68.cn
O1 - Hosts: 61.139.126.19 www.congl.com
O1 - Hosts: 222.36.45.211 www.li20.net
O1 - Hosts: 210.52.216.215 bbs.1098.com.cn
O1 - Hosts: 218.204.251.12 bbs.macd.cn
O1 - Hosts: 218.1.72.118 bbs.gw.com.cn
O1 - Hosts: 211.144.143.139 www.xtstock.com
O1 - Hosts: 221.229.127.201 www.seawindonline.com
O1 - Hosts: 61.151.248.110 www.mfzq.com.cn
O1 - Hosts: 61.151.248.110 www.mfzq.com.cn
O1 - Hosts: 61.129.75.76 www.jyzqlt.cn
O1 - Hosts: 219.153.18.165 www.cylzq.net
O1 - Hosts: 61.131.96.37 bbs.fjfox.com
O1 - Hosts: 61.139.76.81 bbs.tieren.net
O1 - Hosts: 61.139.76.81 www.tieren.net
O1 - Hosts: 222.36.44.67 www.88515808.com
O1 - Hosts: 61.152.116.116 scyj.stock.cnfol.com
O1 - Hosts: 61.154.127.78 bbs.pzz.cn
O1 - Hosts: 61.129.15.73 www.chinadforce.com
O1 - Hosts: 211.147.7.151 bbs.77169.com
O1 - Hosts: 218.28.167.142 hackbase.com
O1 - Hosts: 210.51.187.165 www.cnproxy.com
O1 - Hosts: 221.238.195.29 emuch.net
O1 - Hosts: 205.209.187.11 forum.e2002.com
O1 - Hosts: 218.202.107.82 www.itzero.com
O1 - Hosts: 61.152.167.118 www.cfanclub.net
O1 - Hosts: 61.157.96.27 www.dofile.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 219.142.168.67 www.kaspersky.com.cn
O1 - Hosts: 61.129.47.67 www.eimhe.com
O1 - Hosts: 219.142.168.67 www.kaspersky.com.cn
O1 - Hosts: 221.14.150.132 www2.3800cc.com
O1 - Hosts: 211.157.102.232 www.hacker.com.cn
O1 - Hosts: 61.166.33.214 www.netxeyes.com
O1 - Hosts: 219.238.233.252 forum.ikaka.com
O1 - Hosts: 221.10.254.87 www.friendin.net
O1 - Hosts: 211.99.206.102 bbs.jxue.com
O1 - Hosts: 61.135.153.17 forum.cul.sina.com.cn
O1 - Hosts: 222.46.112.146 www.yijuy.com
O1 - Hosts: 218.200.152.3 lyc.2000y.net
O1 - Hosts: 61.172.196.125 www.i-part.com.cn
O1 - Hosts: 202.101.62.24 bbs.xyhc.com
O1 - Hosts: 58.241.71.9 photo.163.com
O1 - Hosts: 61.136.60.107 www.chinabbs.com
O1 - Hosts: 202.105.31.85 bbs.tcyg.net
O1 - Hosts: 210.51.2.132 www.mohappy.com
O1 - Hosts: 61.152.93.48 www.1000fr.com
O1 - Hosts: 202.108.45.151 g3a24.mail.163.com
O1 - Hosts: 202.101.62.24 bbs.xyhc.com
O1 - Hosts: 202.108.43.230 mail.sina.com.cn
O1 - Hosts: 211.99.206.102 bbs.jxue.com
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2005\KvShell_1.dll
O3 - IE工具栏增项: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2005\KvShell_1.dll
O4 - 启动项HKLM\\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - 启动项HKLM\\Run: [KvMonXP] "C:\Program Files\KV2005\KVMonXP.kxp" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemSafetyMonitor] C:\Program Files\System Safety Monitor\SysSafe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\kvwspxp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2BE1CB-A188-4FF2-A7F2-30A1C975C572}: NameServer = 202.98.0.68 202.98.1.11
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: KVSrvXP - JiangMin New Tech Ltd. - C:\PROGRA~1\KV2005\KVSrvXP.exe
O23 - NT 服务: KVWSC - Jiangmin Co.Ltd - C:\Program Files\KV2005\kvwsc.exe
O23 - NT 服务: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
sage8201 - 2005-12-14 11:05:00
我上次中灰鸽子是在注册表和系统中删除相关的文件,然后再使用系统还原解决的。
天涯海角伴着你 - 2005-12-16 10:56:00
ddddddddd
天涯海角伴着你 - 2005-12-16 10:58:00
还是不错的
影子110 - 2005-12-16 11:18:00
| 引用: |
【一簔烟雨的贴子】偶是菜鸟,看不懂日志,请版主帮忙看看,有问题没有。谢谢!!
........................... |
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
这个是什么东西啊~~~
修复所有的01项,及06项
其它的没有发现什么问题,,
关闭所有的IE页面~
清空临时文件夹
清空临时文件夹的方法:
IE》属性》删除文件(包括脱机文件)》确定
还有,,,你的系统补丁是否打全,,,
另,还有个小建议,,(是针对IE的安全设置的,,IE》属性》安全》禁止下载Activex控件,禁止Activex控件自动提示,禁用二进制和脚本行为等,,,这些你可以自己看,,,不行可以再调回来,,)
风不定 - 2005-12-26 10:53:00
你好,我的机子也中了这木马,瑞星查杀出来全称是Backdoor.Gpigeon.uju可是重启后,进入QQ第一次打开好友就会自动发送这病毒,还有网页首页被固定,下面是我的日志,请帮忙看看,有没有病毒或可疑文件,有的话怎么查杀,谢谢!Logfile of HijackThis v1.99.1
Scan saved at 10:53:17, on 2005-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system\czujllchh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\TT\TTraveler.exe
D:\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\flashget\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [czujllchh.exe] C:\WINDOWS\system\czujllchh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\flashget\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\flashget\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://211.152.52.102/duba/antitrojan/update/OCX/KATScan.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
© 2000 - 2026 Rising Corp. Ltd.