瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 我的日志...
扬眉吐 - 2006-2-4 13:35:00
Logfile of Kaka v2. 0. 0. 7 Scan Module v2. 0. 0. 1
Scan saved at 13:32:16, on 2006-02-04
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[CDAC11BA.EXE]
CommandLine = C:\WINDOWS\System32\drivers\CDAC11BA.EXE

[inetinfo.exe]
CommandLine = C:\WINDOWS\System32\inetsrv\inetinfo.exe

[mdm.exe]
CommandLine = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"

[NTRtScan.exe]
CommandLine = "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"

[nvsvc32.exe]
CommandLine = C:\WINDOWS\System32\nvsvc32.exe

[TmListen.exe]
CommandLine = "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[OfcPfwSvc.exe]
CommandLine = "C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe"

[rundll32.exe]
CommandLine = Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[SE45D0.EXE]
CommandLine = "C:\WINDOWS\TEMP\SE45D0.EXE"

[PccNTMon.exe]
CommandLine = "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

[PFW.exe]
CommandLine = "C:\PROGRA~1\SkyNet\FireWall\pfw.exe"

[rundll32.exe]
CommandLine = "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\3721\helper.dll,Rundll32

[yassistse.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"

[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[QQ.exe]
CommandLine = "C:\Program Files\Tencent\QQ\QQ.exe"

[rundll32.exe]
CommandLine = rundll32 nView.dll,nViewInitialize

[TIMPlatform.exe]
CommandLine = "C:\Program Files\Tencent\QQ\TIMPlatform.exe" -Embedding

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.jxgrain.gov.cn/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\Downlo~1\ddtinit.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\WINDOWS\Downlo~1\ddtkillw.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: DragSearch BHO - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\system32\BOCAIT~1.DLL
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\Downlo~1\DDTONG~1.DLL
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Expatch] C:\WINDOWS\System32\explore.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=013006 serial=DR12CEW-8278773-CFW lang=EN
O4 - HKLM\..\Run: [cnsmin] msisexec.exe
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\RunServices: [hws] C:\WINDOWS\hws.exe
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
扬眉吐 - 2006-2-4 13:37:00
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\WINDOWS\Downlo~1\sinadl.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - d:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - d:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246
O9 - Extra Button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra Button: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - d:\DZH\Internet\dzh_internet.lnk (file missing)
O9 - Extra 'Tools' menuitem: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - d:\DZH\Internet\dzh_internet.lnk (file missing)
O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra Button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra Button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra Button: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing)
O9 - Extra Button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra Button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\WinTcp.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\WinTcp.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [TBH]  QQ地址栏搜索插件
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.10.99/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.10.99/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.10.99/officescan/console/ClientInstall/setup.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\yun.mht!http://www.65173.com/2//helpyou.CHM::/22.exe
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.10.99/officescan/console/html/AtxEnc.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸安全助手) - http://218.30.82.36/md5/YahooOnlineScanTest/KOSInit.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.10.99/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121735253312
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://imgcache.qq.com/qzone/photo/QzoneMediaTools.cab
O16 - DPF: {AB89C9BF-9250-473B-BE49-D34F615CB678} (Chaos Filter) - http://download.mysee.com/Chaos.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{072AC18E-52FB-4D56-A7C8-276AE6A8FD7A}: NameServer = 10.1.10.1,218.87.20.11
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - d:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) - Macrovision - C:\WINDOWS\system32\drivers\cdac11ba.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) -  - C:\WINDOWS\G_Server.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) -  - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Smart Card Event (Smart Card Event) -  - C:\Program Files\zsxz\UrlService.exe
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Winnt SQl Services (Winnt SQl Services) -  - C:\WINDOWS\wintsql.exe
扬眉吐 - 2006-2-7 11:04:00
没人看?
ppdog - 2006-2-7 11:20:00
安全模式修复:
O4 - HKLM\..\RunServices: [hws] C:\WINDOWS\hws.exe

删除:
C:\WINDOWS\hws.exe
C:\WINDOWS\TEMP\下的全部内容


这两项鸽子
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - - C:\WINDOWS\G_Server.exe
O23 - Service: Winnt SQl Services (Winnt SQl Services) - - C:\WINDOWS\wintsql.exe
参考:
http://forum.ikaka.com/topic.asp?board=28&artid=7713905  关于HijackThis日志发现灰鸽子的处理方法
不言放弃 - 2006-2-7 12:09:00
结束的下面的进程
[SE45D0.EXE]
CommandLine = "C:\WINDOWS\TEMP\SE45D0.EXE"

进入注册表
删除如下几项:
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\system32\BOCAIT~1.DLL
O4 - HKLM\..\Run: [Expatch] C:\WINDOWS\System32\explore.exe
O4 - HKLM\..\RunServices: [hws] C:\WINDOWS\hws.exe

开始--控制面板--管理工具--服务
禁用如下服务:
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - - C:\WINDOWS\G_Server.exe
O23 - Service: Winnt SQl Services (Winnt SQl Services) - - C:\WINDOWS\wintsql.exe
O23 - Service: Smart Card Event (Smart Card Event) - - C:\Program Files\zsxz\UrlService.exe
下载:http://www.cexx.org/lspfix.exe
修复C:\WINDOWS\System32\WinTcp.dll
修复方法参考图片
注意这次应该选中WinTcp.dll

卸载清除C:\Program Files\zsxz

删除
C:\WINDOWS\TEMP\SE45D0.EXE
C:\WINDOWS\system32\BOCAIT~1.DLL
C:\WINDOWS\System32\explore.exe
C:\WINDOWS\hws.exe
C:\WINDOWS\G_Server.exe
C:\WINDOWS\wintsql.exe
以及C:\WINDOWS\TEMP下的所有文件

另外
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - - C:\WINDOWS\G_Server.exe
O23 - Service: Winnt SQl Services (Winnt SQl Services) - - C:\WINDOWS\wintsql.exe
是灰鸽子
具体操作请参考http://forum.ikaka.com/topic.asp?board=28&artid=7713905

附件: 364052200627120901.JPG
影子110 - 2006-2-7 12:10:00
O23 - Service: Smart Card Event (Smart Card Event) - - C:\Program Files\zsxz\UrlService.exe
还有这匹马~~
扬眉吐 - 2006-2-7 15:11:00
谢谢
1
查看完整版本: 我的日志...
© 2000 - 2026 Rising Corp. Ltd.