Original by endurer
2007-06-20, 1st edition
These past two evenings I have been busy helping an online friend clean viruses off his computer~
First I scanned with the HijackThis already on the friend's computer, and the log showed the following suspicious items:
/---
Logfile of HijackThis v1.99.1
Scan saved at 23:35:36, on 2005-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:/WINDOWS/system32/kernl32.exe
C:/WINDOWS/system32/Rem.exe
C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE
C:/WINDOWS/svchost.exe
C:/WINDOWS/system32/216.exe
C:/WINDOWS/system32/xiaobo.exe
C:/WINDOWS/system32/dgd4bs.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
R3 - URLSearchHook: (no name) - {432053B9-B579-469D-985B-ADA27240CAE6} - (no file)
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/DOWNLO~1/CnsHook.dll
O2 - BHO: TBSB04805 - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:/Program Files/搜索栏(S)/sobar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O3 - Toolbar: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O4 - HKLM/../Run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe
O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/DOWNLO~1/CnsMin.dll,Rundll32
O4 - HKLM/../Run: [wallpaper] c:/windows/system32/壁纸自动换.exe
O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O9 - Extra button: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - Extra 'Tools' menuitem: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 中文上网
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:/PROGRA~1/WinKld/WinKld.dll
O23 - Service: Keep Spooler - Unknown owner - C:/Program.exe (file missing)
O23 - Service: kernl32 - Unknown owner - C:/WINDOWS/system32/kernl32.exe
O23 - Service: Net Login Helper (netlog) - Unknown owner - C:/WINDOWS/system32/SCardSer.exe
O23 - Service: svchost - Unknown owner - C:/WINDOWS/svchost.exe
O23 - Service: Windows Firewall - Unknown owner - C:/WINDOWS/G_Server1.23.exe
O23 - Service: Windows Accounts Driver (windows_0) - Unknown owner - C:/WINDOWS/system32/216.exe
O23 - Service: wljs0001.3322.org - Unknown owner - C:/WINDOWS/system32/wljs0001.3322.org.exe
---/
The friend's computer clock turned out to be wrong (the scan is timestamped 2005-12-30).
There was a surprising amount of rogue software and junkware~
The virus automatically opens malware-laden advertising pages in IE, which use the ANI and similar vulnerabilities to download more viruses.
First I stopped and disabled the suspicious services listed under O23; several of them could not be stopped~
Downloaded pe_xscan and scanned; its log showed the following suspicious items:
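A log triage helper, added here as an example (not code from the post, from HijackThis or from pe_xscan), that applies the red flags the two logs on this page expose: O23 services whose binary is missing or that have no company name outside the system directories, look-alike names such as kernl32 and autoc0nv, a second program chained into UserInit, and the autorun.inf keys that the pe_xscan log below shows on every drive. EXPECTED_DIR and TRUSTED_ROOTS are short, XP-era allow-lists assumed for the example, and the SAMPLE_* inputs are constructed from the log lines above plus one benign service line.

```python
"""Triage of HijackThis-style log lines and autorun.inf keys. Added example by the
editor, not code from the post, HijackThis or pe_xscan; allow-lists are assumptions.
SAMPLE_* below are constructed from the logs above plus one benign Print Spooler line."""
import re
from os.path import basename, dirname

# Windows binaries the log shows impersonated or misplaced, and where each belongs.
EXPECTED_DIR = dict.fromkeys(("svchost", "kernel32", "spoolsv", "userinit",
                              "autoconv", "rundll32"), "c:/windows/system32")
TRUSTED_ROOTS = ("c:/windows/system32/", "c:/program files/")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
F2_RE = re.compile(r"^F2 - REG:\s*system\.ini: UserInit=(?P<value>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:[\\/][^\s",]+')
AUTORUN_KEY_RE = re.compile(r"^(open|shellexecute|shell[\\/].+?[\\/]command)\s*=\s*(.+)$", re.I)


def edit_distance(a, b):
    """Levenshtein distance; catches look-alike names such as kernl32 or autoc0nv."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def path_findings(path):
    """Reasons one executable path looks suspicious (empty list = none)."""
    p = path.strip().strip('"').replace("\\", "/").lower()
    folder, name = dirname(p), basename(p)
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if stem in EXPECTED_DIR and folder != EXPECTED_DIR[stem]:  # real name, wrong place
        reasons.append(f"{name} expected in {EXPECTED_DIR[stem]}, found in {folder}")
    if stem not in EXPECTED_DIR:  # typo-squatted system name (kernl32, autoc0nv)
        reasons += [f"{name} resembles {k}" for k in EXPECTED_DIR if edit_distance(stem, k) == 1]
    if stem.isdigit():  # 216.exe, 11191061761.exe
        reasons.append(f"numeric-only file name {name}")
    return reasons


def service_findings(owner, path):
    """O23: missing binary, no company name outside trusted roots, odd path."""
    reasons = []
    if path.endswith("(file missing)"):
        path = path[: -len("(file missing)")].strip()
        reasons.append("service binary is missing")
    if owner == "Unknown owner" and not path.replace("\\", "/").lower().startswith(TRUSTED_ROOTS):
        reasons.append(f"no company name and binary outside trusted roots: {path}")
    return reasons + path_findings(path)


def userinit_findings(value):
    """F2: anything besides userinit.exe in the UserInit chain runs at every logon."""
    reasons = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        if basename(entry.replace("\\", "/").lower()) != "userinit.exe":
            reasons.append(f"extra UserInit program {entry}")
        reasons += path_findings(entry)
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for each HijackThis-style line that trips a check."""
    flagged = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        reasons = []
        if m := O23_RE.match(line):
            reasons = service_findings(m["owner"], m["path"])
        elif m := F2_RE.match(line):
            reasons = userinit_findings(m["value"])
        elif m := O4_RE.match(line):
            reasons = [r for p in PATH_RE.findall(m["cmd"]) for r in path_findings(p)]
        if reasons:
            flagged.append((line, reasons))
    return flagged


def autorun_findings(inf_text):
    """[AutoRun] keys that launch a program when the drive is opened."""
    reasons, in_section = [], False
    for line in (ln.strip() for ln in inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and (m := AUTORUN_KEY_RE.match(line)):
            reasons.append(f"{m.group(1)} launches {m.group(2).strip()}")
    return reasons


SAMPLE_LOG = """\
O23 - Service: Keep Spooler - Unknown owner - C:/Program.exe (file missing)
O23 - Service: kernl32 - Unknown owner - C:/WINDOWS/system32/kernl32.exe
O23 - Service: svchost - Unknown owner - C:/WINDOWS/svchost.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:/WINDOWS/system32/spoolsv.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe
O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe
"""
SAMPLE_AUTORUN = "[AutoRun]\nopen=IO.pif\nshellexecute=IO.pif\nshell//Auto//command=IO.pif\n"
```

Calling triage(SAMPLE_LOG) flags every sample line except the benign Print Spooler entry, and autorun_findings(SAMPLE_AUTORUN) reports all three launch keys.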
/---
pe_xscan 07-06-04 by Purple Endurer
2005-12-30 23:43:2
Windows XP Service Pack 2(5.1.2600)
管理员用户组
[System Process] * 0
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/system32/csrss.exe * 544 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Client Server Runtime Process | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/winlogon.exe * 568 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:/WINDOWS/system32/winlib .dll
C:/WINDOWS/system32/45119F1B.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/kusn433sd3.dll | 2005-12-30 23:16:10 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/services.exe * 612 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/lsass.exe * 624 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/svchost.exe * 772 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/comwspn.dll | 2001-9-17 17:48:48
C:/WINDOWS/System32/svchost.exe * 920 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/wshirda.dll | 2004-8-16 16:39:10 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Windows Sockets Helper DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | wshirda.dll | wshirda.dll
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
c:/windows/system32/hmvqn.dll | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | szdj | Copyright (C) Microsoft Corporation 1990-2000 | 5.1.2600.0 | Microsoft Corporation| ? | szdj | szdj.dll
C:/WINDOWS/Explorer.EXE * 1272 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/PROGRA~1/WinKld/Winkld.dat | 2006-4-30 15:18:52 | WinKalendar | 2, 0, 0, 1 | WinKld | Copyright ? 2006 | 2, 0, 0, 1 | www.88dog.com | | WinKld | WinKld.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/system32/dmspn.dll | 2001-9-17 17:48:48
C:/WINDOWS/system32/kusn433sd3.dll | 2005-12-30 23:16:10 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/45119F1B.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 | | | alrex | ALREX.DLL
C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 | | CnsHook | CnsHook.dll
C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 | | CnsMinAL | AutoLive.dll
C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 | LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 | | | LiveEx | alliveex.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 | | | YAlive | YAlive.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 | LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 | | | LiveEx | LiveEx.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ywiper.dll | 2005-11-28 15:52:8 | Wiper 动态链接库 | 1, 0, 1, 1014 | Wiper 动态链接库 | 版权所有 (C) 2005 | 1, 0, 1, 1014| ?| ? | Wiper | ywiper.dll
C:/WINDOWS/system32/Rundll32.exe * 1556 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/DOWNLO~1/CnsMinIO.dll | 2007-4-28 16:33:54 | 3721 CnsMinIO | 2, 5, 0, 4 | CnsMinIO | 版权所有 (C) 2001 - 2004 | 2, 5, 0, 4 | 北京三七二一科技有限公司 | | CnsMinIO | CnsMinIO.dll
C:/WINDOWS/DOWNLO~1/cnsio.dll | 2007-4-28 16:33:42 | 3721 CnsIO | 2, 5, 0, 3 | cnsio | 版权所有 (C) 2001 - 2004 | 2, 5, 0, 3 | 北京三七二一科技有限公司 | | cnsio | cnsio.dll
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/system32/spoolsv.exe * 1784 | 2005-6-11 7:53:32 | Microsoft? Windows? Operating System | 5.1.2600.2696 | Spooler SubSystem App | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Microsoft Corporation| ? | spoolsv.exe | spoolsv.exe
C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/kernl32.exe * 1092 | 2004-8-17 12:0:0
C:/WINDOWS/system32/Rem.exe * 1956 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe
C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE * 1984 | 2004-8-17 12:0:0 | Microsoft(R) Windows (R) 2000 Operating System | 5.00.2134.1 | Run a DLL as an App | Copyright (C) Microsoft Corp. 1981-1999 | 5.00.2134.1 | Microsoft Corporation| ? | rundll | RUNDLL.EXE
C:/WINDOWS/SYSTEM32/WBEM/XGBIR.DLL | 2004-8-17 12:0:0 | irJIT | 5, 1, 2600, 2709 | Microsoft irJIT Module | (C) Microsoft Corporation. All rights reserved. | 5, 1, 2600, 2709 | Microsoft Corporation| ? | IRJIT | IRJIT.dll
C:/WINDOWS/svchost.exe * 2172 | 2004-8-17 12:0:0
C:/WINDOWS/system32/216.exe * 2328 | 2005-6-11 11:5:34
C:/WINDOWS/system32/xiaobo.exe * 2404 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe
C:/WINDOWS/system32/dgd4bs.exe * 2800 | 2005-12-30 23:17:2
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe * 2812 | 2007-4-24 9:43:36 | YLive | 2, 0, 7, 1010 | YLive | Copyright 2005 Yahoo! China | 2, 0, 7, 1010 | Yahoo! China | | YLive | YLive.exe
C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe | 2007-4-24 9:43:36 | YLive | 2, 0, 7, 1010 | YLive | Copyright 2005 Yahoo! China | 2, 0, 7, 1010 | Yahoo! China | | YLive | YLive.exe
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 | | | YAlive | YAlive.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 | LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 | | | LiveEx | LiveEx.dll
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/ynotifier.dll | 2005-9-13 16:31:38 | Notifier Module | 1, 0, 0, 5 | Notifier Module | Copyright 2004 | 1, 0, 0, 5 | | | Notifier | Notifier.DLL
C:/WINDOWS/msagent/AgentSvr.exe * 3160 | 2004-8-17 12:0:0 | Microsoft Agent Server | 2.00.0.3422 | Microsoft Agent Server | Copyright (C) Microsoft Corp. 1997-98 | 2.00.0.3422 | Microsoft Corporation | | AgentServer | AgentSvr.exe
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/WINDOWS/SOUNDMAN.EXE * 3292 | 2006-3-2 7:22:4 | Realtek Sound Manager | 5, 1, 0, 52 | Realtek Sound Manager | Copyright (c) 2001-2004 Realtek Semiconductor Corp. | 5, 1, 0, 52 | Realtek Semiconductor Corp. | | ALSMTray | ALSMTray.exe
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/system32/rundll32.exe * 3672 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 | | CnsMinAL | AutoLive.dll
C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 | LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 | | | LiveEx | alliveex.dll
C:/WINDOWS/system32/ctfmon.exe * 3812 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 2656 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 | | ScrBlock | ScrBlock.dll
C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 | | | alrex | ALREX.DLL
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock | | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 | | CnsHint | CnsHint.dll
C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 | | CnsMinAL | AutoLive.dll
C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 | LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 | | | LiveEx | alliveex.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 | | | YAlive | YAlive.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 | LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 | | | LiveEx | LiveEx.dll
C:/WINDOWS/DOWNLO~1/cnsplus.dll | 2006-12-20 18:7:6 | 3721 CnsPlus | 2, 5, 0, 2 | CnsPlus | Copyright ? 2004 | 2, 5, 0, 2 | 3721 | | CnsPlus | CnsPlus.dll
C:/Program Files/搜索栏(S)/sobar.dll | 2007-5-17 16:53:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Engine | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbcore3 | tbcore3.dll
C:/Program Files/搜索栏(S)/tbhelper.dll | 2007-5-17 16:53:0 | IE Toolbar | 3, 5, 0, 1 | IE Toolbar Helper Module | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbhelper | tbhelper.dll
C:/Program Files/搜索栏(S)/alert_plugin.dll | 2007-4-27 11:12:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Alert Plugin | Copyright ? 2007 | 3, 5, 0, 0 | | | alert_plugin | alert_plugin.dll
C:/Program Files/搜索栏(S)/tabs_plugin.dll | 2007-4-27 12:2:0 | IE Toolbar | 3, 5, 0, 0 | IE Toolbar Tabs Plugin | Copyright ? 2007 | 3, 5, 0, 0 | | | tabs_plugin | tabs_plugin.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-3-21 13:51:24 | yPhtb | 1, 1, 3, 1035 | yPhtb | Copyright 2005 Yahoo! China | 1, 1, 3, 1035 | Yahoo! China | | | yPhtb.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll | 2007-4-24 9:42:56 | yangling Module | 1, 0, 9, 1010 | yangling.dll | | 1, 0, 9, 1010 | Yahoo. | Yahoo! | yangling.dll | yAngling.DLL
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-3-9 16:59:54 | DragSearch | 1, 2, 8, 1009 | DragSearch | Copyright 2005 | 1, 2, 8, 1009 | | | | ydragsearch.dll
C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 | | CnsHook | CnsHook.dll
C:/program files/internet explorer/iexplore.exe * 2744 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
C:/WINDOWS/system32/winsys32_070616.dll | 2005-12-30 23:18:10
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 | | ScrBlock | ScrBlock.dll
C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 | | | alrex | ALREX.DLL
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock | | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 | | CnsHint | CnsHint.dll
C:/Program Files/QQ2006/QQ.exe * 2080 | 2006-5-9 17:23:22 | TENCENT QQ | 0, 0, 0, 0 | QQ | Copyright ? 2005 | 0, 0, 0, 0 | TENCENT | | COMQQD | QQ.exe
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 | | CnsHook | CnsHook.dll
C:/Program Files/QQ2006/TIMPlatform.exe * 3044 | 2006-4-25 16:13:36 | tencent TIMPlatform | 0, 3, 1, 8 | TIMPlatform | Copyright ? 2005 | 0, 3, 1, 8 | tencent | | TIMPlatform | TIMPlatform.exe
C:/Program Files/QQ2006/TIMPlatform.exe | 2006-4-25 16:13:36 | tencent TIMPlatform | 0, 3, 1, 8 | TIMPlatform | Copyright ? 2005 | 0, 3, 1, 8 | tencent | | TIMPlatform | TIMPlatform.exe
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/Program Files/QQ2006/TIMProxy.dll | 2006-4-25 17:9:56 | tencent QQMainCreatorProxy | 0, 3, 2, 4 | TIMProxy | Copyright ? 2004 | 0, 3, 2, 4 | tencent | | TIMProxy | QQMainCreatorProxy.dll
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 1504 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 | | Autolive_helper | Helper.dll
C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 | | ScrBlock | ScrBlock.dll
C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 | | | alrex | ALREX.DLL
C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 | | | Helper | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock | | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 | | CnsMin | CnsMin.dll
C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 | | CnsHint | CnsHint.dll
C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 | | CnsMinAL | AutoLive.dll
C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 | LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 | | | LiveEx | alliveex.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 | | | YAlive | YAlive.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 | LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 | | | LiveEx | LiveEx.dll
C:/WINDOWS/DOWNLO~1/cnsplus.dll | 2006-12-20 18:7:6 | 3721 CnsPlus | 2, 5, 0, 2 | CnsPlus | Copyright ? 2004 | 2, 5, 0, 2 | 3721 | | CnsPlus | CnsPlus.dll
C:/Program Files/搜索栏(S)/sobar.dll | 2007-5-17 16:53:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Engine | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbcore3 | tbcore3.dll
C:/Program Files/搜索栏(S)/tbhelper.dll | 2007-5-17 16:53:0 | IE Toolbar | 3, 5, 0, 1 | IE Toolbar Helper Module | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbhelper | tbhelper.dll
C:/Program Files/搜索栏(S)/alert_plugin.dll | 2007-4-27 11:12:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Alert Plugin | Copyright ? 2007 | 3, 5, 0, 0 | | | alert_plugin | alert_plugin.dll
C:/Program Files/搜索栏(S)/tabs_plugin.dll | 2007-4-27 12:2:0 | IE Toolbar | 3, 5, 0, 0 | IE Toolbar Tabs Plugin | Copyright ? 2007 | 3, 5, 0, 0 | | | tabs_plugin | tabs_plugin.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-3-21 13:51:24 | yPhtb | 1, 1, 3, 1035 | yPhtb | Copyright 2005 Yahoo! China | 1, 1, 3, 1035 | Yahoo! China | | | yPhtb.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll | 2007-4-24 9:42:56 | yangling Module | 1, 0, 9, 1010 | yangling.dll | | 1, 0, 9, 1010 | Yahoo. | Yahoo! | yangling.dll | yAngling.DLL
C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-3-9 16:59:54 | DragSearch | 1, 2, 8, 1009 | DragSearch | Copyright 2005 | 1, 2, 8, 1009 | | | | ydragsearch.dll
C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 | | CnsHook | CnsHook.dll
F2 - REG: system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe
O2 - BHO Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O2 - BHO DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/DOWNLO~1/CnsHook.dll
O2 - BHO TBSB04805 Class - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:/Program Files/搜索栏(S)/sobar.dll
O3 - IE工具栏: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O3 - IE工具栏: - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O4 - HKCR/../Run: [Yahoo! Pager] "C:/PROGRA~1/Yahoo!/MESSEN~1/YAHOOM~1.EXE" -quiet
O4 - HKLM/../Run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe
O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/DOWNLO~1/CnsMin.dll,Rundll32
O4 - HKLM/../Run: [wallpaper] c:/windows/system32/壁纸自动换.exe
O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe
O4 - HKLM/../Run: [helper.dll] C:/WINDOWS/system32/rundll32.exe C:/PROGRA~1/3721/helper.dll,Rundll32
O4 - HKLM/../Policies/Explorer/Run: [Userinit] rundll32.exe C:/WINDOWS/system32/winsys16_070616.dll start
C:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
D:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
E:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
F:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
O8 - IE右键菜单附加项 : 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O9 - IE工具栏扩展按钮HKLM:工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - IE工具菜单扩展项HKLM:工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - IE工具栏扩展按钮HKLM:Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具菜单扩展项HKLM: - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具栏扩展按钮HKLM:名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具菜单扩展项HKLM: - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具栏扩展按钮HKLM:雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具菜单扩展项HKLM: - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具栏扩展按钮HKLM:雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具菜单扩展项HKLM: - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具栏扩展按钮HKLM:情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具菜单扩展项HKLM: - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具栏扩展按钮HKLM: - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具菜单扩展项HKLM:修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具栏扩展按钮HKLM: - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O9 - IE工具菜单扩展项HKLM:清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O11 - IE扩展选项组:!CNS ( 中文上网) = @C:/WINDOWS/DOWNLO~1/CnsMin.dll,-117
O21 - SSODL - SysTime(88Dog.Kalendar) - {724C75F1-B757-408D-A50A-4CF99DA35D73} = C:/PROGRA~1/WinKld/WinKld.dll
O23 - 服务: 3A452D83 (3A452D83) - C:/WINDOWS/system32/24E9F3BC.EXE -k | 2005-6-18 22:49:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: acpidisk (acpidisk) - C:/WINDOWS/system32/drivers/acpidisk.sys | 2007-5-8 11:14:50(自动)
O23 - 服务: AEA6EAEC (AEA6EAEC) - C:/WINDOWS/system32/2DD519ED.EXE -p | 2007-6-16 6:27:26 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: B302EC43 (B302EC43) - C:/WINDOWS/system32/75D23BE4.EXE -d | 2005-12-30 23:12:42 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: CnsMinKP (CnsMinKP) - system32/drivers/CnsMinKP.sys | KMD | 2.0.3.9 | KMD | Copyright (c) 3721 Corporation. | 2.0.3.9 | Copyright (C) 3721 Corporation.| ? | CnsMinKP.sys | CnsMinKP.sys(引导)
O23 - 服务: CnsStd (CnsStd) - C:/WINDOWS/System32/drivers/CnsStd.sys | 2005-6-10 16:48:18 | 中文上网 | 1, 0, 0, 1002| ?| ? | 1, 0, 0, 1002 | 北京三七二一科技有限公司| ?| ?| ?(自动)
O23 - 服务: FB000E3A (FB000E3A) - C:/WINDOWS/system32/F77B20D5.EXE -k | 2005-12-30 22:51:2 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: Investor (HTTP Secure Manager) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/system32/hmvqn.dll | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | szdj | Copyright (C) Microsoft Corporation 1990-2000 | 5.1.2600.0 | Microsoft Corporation| ? | szdj | szdj.dll(自动)
O23 - 服务: kdkfpdnd (kdkfpdnd) - C:/WINDOWS/System32/drivers/kdkfpdnd.sys | 2005-12-30 22:50:14 | sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导)
O23 - 服务: Keep Spooler (Keep Spooler) - C:/Program Files/Common Files/kim(自动)
O23 - 服务: kernl32 (kernl32) - C:/WINDOWS/system32/kernl32.exe | 2004-8-17 12:0:0(自动)
O23 - 服务: kusn33sd (kusn33sd) - C:/WINDOWS/system32/kusn33sd.exe -j | 2005-12-30 22:50:30 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: netlog (Net Login Helper) - C:/WINDOWS/system32/SCardSer.exe | 2001-9-17 17:48:48(自动)
O23 - 服务: R2A (R2A) - C:/WINDOWS/system32a2.sys(禁用)
O23 - 服务: Rem (re Call System(RPCS)) - C:/WINDOWS/system32/Rem.exe | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe(自动)
O23 - 服务: SOCEESe (Intranet Messenger) - C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE C:/WINDOWS/SYSTEM32/WBEM/XGBIR.DLL,DllRegisterServer 1087(自动)
O23 - 服务: svchost (svchost) - C:/WINDOWS/svchost.exe | 2004-8-17 12:0:0(自动)
O23 - 服务: Windows Firewall (Windows Firewall) - C:/WINDOWS/G_Server1.23.exe | 2005-6-14 16:4:2(自动)
O23 - 服务: windows_0 (Windows Accounts Driver) - C:/WINDOWS/system32/216.exe | 2005-6-11 11:5:34(自动)
O23 - 服务: wljs0001.3322.org (wljs0001.3322.org) - C:/WINDOWS/system32/wljs0001.3322.org.exe | 2005-12-30 23:13:2(自动)
O23 - 服务: xiaobo (xiaobo) - C:/WINDOWS/system32/xiaobo.exe | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe(自动)
O24 - ShlExecHook: [CnsHook Class] - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:/WINDOWS/DOWNLO~1/CnsHook.dll
O25 - InsCom: {2bf41073-b2b1-21c1-b5c1-0701f4155588} = C:/Program Files/Common Files/Services/svchost.exe
---/
Checking with IceSword also turned up two hidden IE processes.
Several of the malware processes guarded each other. Using IceSword to forbid process creation and disable the associated components, then terminating the malware processes, caused a blue screen several times~
From: https://blog.51cto.com/endurer/5881550