Infected with the "Liangliang" edition of Gray Pigeon (灰鸽子), can any expert tell me how to remove it... urgent

Dear experts:
Thank you very much for taking a look at my system diagnostic report. This newbie is desperately waiting for your help!
诊断时间: 2007-09-08  23:06:32
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V7.0.5730.11 Build:75730
计算机物理内存:1023.48MB - 当前可用内存:559.09MB
R3 - 未知 - URLSearchHook: (淘宝工具条) - [无效的CLSID:{78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23}] - {78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23} - C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll
O3 - 未知 - Toolbar: (淘宝工具条) - [无效的CLSID:{78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23}] - {78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23} - C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll
O8 - 未知 - Extra context menu item: &使用快车(FlashGet)下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - 未知 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 未知 - Extra button: 快车(FlashGet)(HKLM) - e:\Program Files\FlashGet\FlashGet.exe
O15 - 未知 - Trusted Zone: https://mybank.icbc.com.cn
O15 - 未知 - Trusted Zone: http://www.icbc.com.cn
O16 - 未知 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper) - http://cache.tv.qq.com/qqlive_ocx/QQLiveInstaller.cab
O16 - 未知 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA) - https://img.alipay.com/download/1101/aliedit.cab
O16 - 未知 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - 未知 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - 未知 - DPF: {DC7094C6-8F61-42ED-AECE-63F5EEF647C5} (UpdateC2 Control) - http://www.uusee.com/player/updateC2.cab
O18 - 未知 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - E:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O21 - 未知 - Protocol Icons: HKCR\http\shell\open\command - "e:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\ftp\shell\open\command - "e:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\https\shell\open\command - "e:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\htmlfile\shell\open\command - "e:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O23 - 未知 - Service: AVP [保护计算机远离病毒和间谍软件的威胁。] - "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r - (running)
O23 - 未知 - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - e:\Program Files\ewido anti-spyware 4.0\guard.exe - (not running)
O23 - 未知 - Service: mnmsrvc [使授权用户能够通过使用 NetMeeting 跨企业 intranet 远程访问此计算机。如果此服务被停用,远程桌面服务将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。] -  - (not running)
O23 - 未知 - Service: Multi-user Cleanup Service [Multi-user Cleanup Service] - "D:\Program Files\lotus\notes\ntmulti.exe" - (not running)
O23 - 未知 - Service: NMIndexingService [NMIndexingService] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - (not running)
O23 - 未知 - Service: P4P Service [P4P Service] -  - (not running)
O23 - 未知 - Service: WowSQL [WowSQL] -  - (not running)
O23 - 未知 - Service: WowWeb [Apache/2.0.59 (Win32) PHP/5.1.6] - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice - (not running)
O23 - 未知 - Service: 〖亮亮〗专业完美破解 [Liang_liang_Server2.03] -  - (not running)
O28 - 未知 - IELINK: C:\DOCUME~1\ADMINI~1\「开始~1\程序\附件\系统工具\INTERN~2.LNK -  -extoff
O28 - 未知 - IELINK: C:\DOCUME~1\ADMINI~1\「开始~1\程序\附件\系统工具\INTERN~1.LNK -  -extoff
=======================================


[User system information] Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler ; .NET CLR 2.0.50727)
Last edited 2007-09-08 23:42:55.060000000

=======================================
O40 - winlogon.exe - Kaspersky Lab - C:\WINDOWS\system32\klogon.dll - Logon Visualizer - 7072750eb5c0f0cd54b48f972855ca61
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\system32\dfshim.dll - Application Deployment Support Library - b3511383c8be3a8c5b88a78971fc1141
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\system32\mscoree.dll - Microsoft .NET Runtime Execution Engine - acf0bc6406a776fc4072fb98e7b49cbf
=======================================
O41 - atitray - atitray - e:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys - (running) -  -  - f46afb51f1a1cb8c7ecd85533ca839fe
O41 - BIOS - I/O Interface driver file - C:\WINDOWS\system32\drivers\BIOS.sys - (running) - I/O Interface driver file - BIOSTAR Group - be5d50529799b9bab6be879ec768b6cf
O41 - d347bus - PnP BIOS Extension - C:\WINDOWS\system32\drivers\d347bus.sys - (running) - PnP BIOS Extension -  - 5776322f93cdb91086111f5ffbfda2a0
O41 - d347prt - SCSI miniport - C:\WINDOWS\system32\drivers\d347prt.sys - (running) - SCSI miniport -  - b49f79ace459763f4e0380071be9cb45
O41 - ewido anti-spyware 4.0 driver - ewido anti-spyware 4.0 driver - e:\Program Files\ewido anti-spyware 4.0\guard.sys - (running) -  -  - 9b6b54865bd0ec9ed2532dad89554969
O41 - kl1 - Kaspersky Unified Driver - C:\WINDOWS\system32\drivers\kl1.sys - (running) - Kaspersky Unified Driver - Kaspersky Lab - 5445b03cd42dedf5f85b9daf712fdd09
O41 - KLIF - spuper-ptor - C:\WINDOWS\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 92210989cc1d06f997b9628d8e4b1819
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - NVENETFD - NVIDIA Networking Function Driver. - C:\WINDOWS\system32\drivers\NVENETFD.sys - (running) - NVIDIA Networking Function Driver. - NVIDIA Corporation - 4d6f0d3fb17c1ba64942f415c73adcdb
O41 - nvnetbus - NVIDIA Networking Bus Driver. - C:\WINDOWS\system32\drivers\nvnetbus.sys - (running) - NVIDIA Networking Bus Driver. - NVIDIA Corporation - 921e63aa1e1a20302223d016acafb52b
O41 - PSTRIP - PowerStrip support NT kernel-mode driver - C:\WINDOWS\system32\drivers\PStrip.sys - (running) - PowerStrip support NT kernel-mode driver - EnTech Taiwan - 0b2e867515b5009618ad46a27fe84542
O41 - BS_I2cIo - BS_I2cIo - C:\WINDOWS\system32\drivers\BS_I2cIo.sys - (not running) -  -  -
O41 - ENTECH - ENTECH - C:\WINDOWS\system32\drivers\Entech.sys - (not running) -  - EnTech Taiwan - fd9fc82f134b1c91004ffc76a5ae494b
O41 - RivaTuner32 - RivaTuner32 - E:\RivaTuner V2.0\RivaTuner32.sys - (not running) -  -  - 2c2e12d8355e2b8baee1876da0079195
=======================================
360Safe.exe=3.6.1.1001
AntiAdwa.dll=3.6.1.1001
AntiEng.dll=3.6.1.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
safelive.exe=1.0.0.2007
live.dll=1.0.1.1020
=======================================
操作历史报告:
----------清理恶评及系统插件历史----------
2007-06-18 23:15
清理恶评软件 - 搜狗工具条 - C:\Program Files\Common Files\Sogou PXP
2007-06-18 23:19
清理恶评软件 - 搜狗工具条 -
2007-08-11 12:42
清理恶评软件 - 很棒小秘书 -
2007-08-26 12:43
清理恶评软件 - 未知自动运行程序(Autorun) -
2007-09-08 21:49
清理恶评软件 - 灰鸽子变种0011 -
2007-07-09 23:36
清理恶评插件 - 搜狗工具条&地址栏直通车 -
2007-07-10 19:31
清理恶评插件 - 搜狗工具条&地址栏直通车 -
2007-08-06 18:50
清理恶评插件 - 搜狗客户端共享组件 - C:\Program Files\Common Files\Sogou PXP
清理恶评插件 - 搜狐播放器 -
2007-08-10 19:04
清理恶评插件 - 很棒小秘书 - C:\Program Files\PCAST
2007-08-18 23:45
清理恶评插件 - 搜狗客户端共享组件 -
清理恶评插件 - 很棒小秘书 - C:\Program Files\PCAST
清理恶评插件 - 搜狐播放器 -
清理恶评插件 - 播霸/猫眼网络电视迷你版 - C:\Program Files\pcast
2007-08-26 01:03
清理恶评插件 - 搜狗客户端共享组件 -
清理恶评插件 - 未知自动运行程序(Autorun) - I:\autorun.inf
清理恶评插件 - 搜狐播放器 -
2007-09-08 21:48
清理恶评插件 - 灰鸽子变种残留 - c:\windows\system32\PLUGIN~1.DLL
清理恶评插件 - 灰鸽子变种0011 - C:\WINDOWS\L_SERV~1.EXE
2007-09-08 21:48
清理恶评插件 - 灰鸽子变种0011 - C:\WINDOWS\L_SERV~1.EXE

----------全面诊断修复历史----------
2007-05-28 23:52
O6 - 危险 - 禁止IE首页相关设置 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
O6 - 危险 - 禁止IE相关功能 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
2007-06-13 18:42
100 - 未知 - ntmulti.exe - D:\Program Files\lotus\notes\ntmulti.exe
2007-06-13 18:42
R0 - 未知 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
2007-06-13 18:43
R1 - 未知 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main
2007-06-13 18:43
O8 - 未知 - 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
2007-06-13 18:44
O23 - 未知 - Multi-user Cleanup Service - "D:\Program Files\lotus\notes\ntmulti.exe"
2007-06-13 18:44
O23 - 未知 - Multi-user Cleanup Service - "D:\Program Files\lotus\notes\ntmulti.exe"
2007-07-10 19:32
100 - 未知 - guard.exe - e:\Program Files\ewido anti-spyware 4.0\guard.exe
2007-07-10 19:33
O14 - 未知 - Web原始设置IERESET.INF - C:\WINDOWS\inf\iereset.inf
2007-07-10 21:19
100 - 安全 - CAP3RSK.EXE - C:\WINDOWS\system32\CAP3RSK.EXE
100 - 安全 - CAP3SWK.EXE - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
2007-07-10 21:19
O23 - 未知 - WowSQL - d:\wow\web\MySQL5\bin\mysqld-nt.exe --defaults-file=d:\wow\web\MySQL5\my.ini WowSQL
O23 - 未知 - WowWeb - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice
2007-08-16 19:55
100 - 未知 - ntmulti.exe - D:\Program Files\lotus\notes\ntmulti.exe
2007-08-16 19:55
100 - 安全 - CAP3RSK.EXE - C:\WINDOWS\system32\CAP3RSK.EXE
100 - 安全 - CAP3SWK.EXE - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
2007-08-16 19:55
O2 - 未知 - AliAntiFish Class - C:\PROGRA~1\Alisoft\Toolbar\assist\yangling.dll
O2 - 安全 - 超级兔子上网精灵 - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
2007-08-16 19:56
O2 - 未知 - assist - C:\Program Files\Alisoft\Toolbar\Assist\yassist.dll
2007-08-16 19:57
O8 - 未知 - 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 未知 - 播霸电视 - http://itv.mop.com
O23 - 安全 - P4P Service - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - 未知 - WowSQL - d:\wow\web\MySQL5\bin\mysqld-nt.exe --defaults-file=d:\wow\web\MySQL5\my.ini WowSQL
O23 - 未知 - WowWeb - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice
2007-09-08 22:07
O23 - 未知 - mnmsrvc -
2007-09-08 22:10
O23 - 未知 - mnmsrvc -
O23 - 未知 - Multi-user Cleanup Service - "D:\Program Files\lotus\notes\ntmulti.exe"
O23 - 未知 - NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - 未知 - WowSQL - d:\wow\web\MySQL5\bin\mysqld-nt.exe --defaults-file=d:\wow\web\MySQL5\my.ini WowSQL
O23 - 未知 - WowWeb - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice
O23 - 未知 - 〖亮亮〗专业完美破解 - C:\WINDOWS\L_Server2.03.exe
2007-09-08 22:15
O23 - 未知 - 〖亮亮〗专业完美破解 - C:\WINDOWS\L_Server2.03.exe
2007-09-08 22:26
O23 - 未知 - mnmsrvc -
O23 - 未知 - Multi-user Cleanup Service - "D:\Program Files\lotus\notes\ntmulti.exe"
O23 - 未知 - NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - 未知 - P4P Service -
O23 - 未知 - WowSQL -
O23 - 未知 - WowWeb - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice
O23 - 未知 - 〖亮亮〗专业完美破解 -
2007-09-08 22:29
O23 - 未知 - 〖亮亮〗专业完美破解 -
2007-09-08 22:42
O23 - 未知 - WowSQL -
O23 - 未知 - WowWeb - "d:\wow\web\Apache2\bin\Apache.exe" -k runservice
O23 - 未知 - 〖亮亮〗专业完美破解 -
=======================================