[Solved] Can someone help me analyze a scan log from HijackThis_815 (Chinese localized version)


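Author: TTXS (Fcbu.Com)   Source: Internet   Published: 2006-08-23
I just ran this scan.. I can't make sense of it.. I hope someone who understands this can help me analyze it.. :)
5 screenshots in total..
There was too much text, so I didn't paste it directly..
Once you've analyzed it you can reply in this thread.. or add me on QQ 361224566.. thanks..
--------------------------------------------------------
For the ones that couldn't be deleted, I used other software to delete the registry entries and then deleted the files. It worked..
Thanks also to the moderator for the help..
[ Last edited by cheng19931106 at 2006-7-4 09:29 ]
There's one more..~
No more.. the pictures are a bit unclear.. :L
HijackThis_815汉化版扫描日志 V1.99.1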
保存于      13:52:09, 日期 2006-7-2
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\rising\rav\RavTimer.exe
D:\tools\Tencent\TT\TTraveler.exe
D:\tools\Tencent\qq\QQ.exe
D:\tools\Tencent\qq\TIMPlatform.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\chengshidai\桌面\程正楠\安装文件\HijackThis1991zww.exe
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
R3 - URLSearchHook: (no name) - {1ED2A9E5-FEDA-4934-B916-A6BDFB213ED6} - C:\WINDOWS\system32\Sndbm.dll
R3 - URLSearchHook: (no name) - {5C4BCD87-C71C-4916-8032-C0A5EF12CB31} - C:\WINDOWS\system32\Hnxak.dll
R3 - URLSearchHook: (no name) - {4F4B4D4E-9E8C-4B71-ABEC-36C929EA0BC5} - C:\WINDOWS\system32\Kfois.dll
R3 - URLSearchHook: (no name) - {07744CBF-64E3-4C18-A146-E38B831898C8} - C:\WINDOWS\system32\Dfwso.dll
R3 - URLSearchHook: (no name) - {48FDE4F7-9C0D-45CF-A149-68243BCF87F8} - C:\WINDOWS\system32\Merha.dll
R3 - URLSearchHook: (no name) - {C6487F85-310A-4794-9FE0-F3C802ABCDE0} - C:\WINDOWS\system32\Htjdu.dll
R3 - URLSearchHook: (no name) - {1C86D49F-998C-4069-AA5A-3EC36815EBD7} - C:\WINDOWS\system32\Hezpj.dll
R3 - URLSearchHook: (no name) - {25E681C1-3B93-40CC-87D0-A4A389D08C6C} - C:\WINDOWS\system32\Dcbt.dll
R3 - URLSearchHook: (no name) - {96383912-B90D-452F-9533-F27E0C9C4A4A} - C:\WINDOWS\system32\Lggd.dll
R3 - URLSearchHook: (no name) - {59482D51-9A66-4A3F-A11C-E1D07377D567} - C:\WINDOWS\system32\Viqbp.dll
R3 - URLSearchHook: (no name) - {0D451658-CC3B-4DD1-9724-0B9E5A56308F} - C:\WINDOWS\system32\Dplz.dll
R3 - URLSearchHook: (no name) - {19E6153F-18E9-4A6D-885D-A9130CB36DFE} - C:\WINDOWS\system32\Uurf.dll
R3 - URLSearchHook: (no name) - {36BEDCD1-C985-489C-9A70-F4E49D08B301} - C:\WINDOWS\system32\Hhjpvz.dll
R3 - URLSearchHook: (no name) - {2920D630-430C-487E-84EE-8BEF157F339B} - C:\WINDOWS\system32\Jnqj.dll
R3 - URLSearchHook: (no name) - {1BADF119-B409-41F3-BCA0-2FF74D78DAAD} - C:\WINDOWS\system32\Ohishd.dll
R3 - URLSearchHook: (no name) - {915A7D65-F1E8-464C-B56E-4B274374283C} - C:\WINDOWS\system32\Lnwm.dll
R3 - URLSearchHook: (no name) - {AFCB837C-AF4E-4F34-9EEE-C64819111B23} - C:\WINDOWS\system32\Ptqax.dll
O2 - BHO: (no name) - {07744CBF-64E3-4C18-A146-E38B831898C8} - C:\WINDOWS\system32\Dfwso.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {0D451658-CC3B-4DD1-9724-0B9E5A56308F} - C:\WINDOWS\system32\Dplz.dll
O2 - BHO: (no name) - {19E6153F-18E9-4A6D-885D-A9130CB36DFE} - C:\WINDOWS\system32\Uurf.dll
O2 - BHO: (no name) - {1BADF119-B409-41F3-BCA0-2FF74D78DAAD} - C:\WINDOWS\system32\Ohishd.dll
O2 - BHO: (no name) - {1C86D49F-998C-4069-AA5A-3EC36815EBD7} - C:\WINDOWS\system32\Hezpj.dll
O2 - BHO: (no name) - {1ED2A9E5-FEDA-4934-B916-A6BDFB213ED6} - C:\WINDOWS\system32\Sndbm.dll
O2 - BHO: (no name) - {25E681C1-3B93-40CC-87D0-A4A389D08C6C} - C:\WINDOWS\system32\Dcbt.dll
O2 - BHO: (no name) - {2920D630-430C-487E-84EE-8BEF157F339B} - C:\WINDOWS\system32\Jnqj.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: (no name) - {36BEDCD1-C985-489C-9A70-F4E49D08B301} - C:\WINDOWS\system32\Hhjpvz.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: (no name) - {48FDE4F7-9C0D-45CF-A149-68243BCF87F8} - C:\WINDOWS\system32\Merha.dll
O2 - BHO: (no name) - {4F4B4D4E-9E8C-4B71-ABEC-36C929EA0BC5} - C:\WINDOWS\system32\Kfois.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\tools\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {59482D51-9A66-4A3F-A11C-E1D07377D567} - C:\WINDOWS\system32\Viqbp.dll
O2 - BHO: (no name) - {5C4BCD87-C71C-4916-8032-C0A5EF12CB31} - C:\WINDOWS\system32\Hnxak.dll
O2 - BHO: QQIEHelper - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\DOCUME~1\CHENGS~1\LOCALS~1\Temp\SSLive.dll
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: (no name) - {915A7D65-F1E8-464C-B56E-4B274374283C} - C:\WINDOWS\system32\Lnwm.dll
O2 - BHO: (no name) - {96383912-B90D-452F-9533-F27E0C9C4A4A} - C:\WINDOWS\system32\Lggd.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AFCB837C-AF4E-4F34-9EEE-C64819111B23} - C:\WINDOWS\system32\Ptqax.dll
O2 - BHO: (no name) - {C6487F85-310A-4794-9FE0-F3C802ABCDE0} - C:\WINDOWS\system32\Htjdu.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [popo2004] C:\Program Files\Netease\popo2004\Start.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\tools\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DuDu下载加速器.lnk = ?
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载全部链接 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/203
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\tools\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\tools\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\tools\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\tools\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - (file missing)
O9 - 浏览器额外的按钮: 钟惠廷 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\tools\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\tools\Tencent\qq\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\tools\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\tools\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [TBH]   搜搜地址栏搜索
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) -

O16 - DPF: {32D72994-45B9-42B5-8980-FB561D1BE2D0} (nEdit Control) -

O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) -

O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) -

O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (PhotoUploadCtrl Control) -

O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) -

O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) -

O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) -

O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) -

O16 - DPF: {DE3496D2-AFB9-47EB-A8C2-C3B330222513} (PhotoUpload Control) -

O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) -

O16 - DPF: {FCEFD5DD-7152-4317-ABC1-16682376EE7A} (dddolsp Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A299A0-EEBB-4C76-AE0F-252665E15617}: NameServer = 211.94.33.193,211.91.120.129
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
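The screenshots weren't very clear, so I exported the log again.. :P  Posted it in two parts.. this is the last part.. that's all..
I just ran a scan.. more than 20 files are infected.. and the scan isn't finished yet :L
Overall it's three kinds of virus..
Trojan.DL.Agent.vp
Trojan.Clicker.Agent.so
Trojan.Agent.cac
I don't get it :'( this is driving me crazy..
I can't understand it..
Nobody's helping``
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)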
R3 - URLSearchHook: (no name) - {1ED2A9E5-FEDA-4934-B916-A6BDFB213ED6} - C:\WINDOWS\system32\Sndbm.dll
R3 - URLSearchHook: (no name) - {5C4BCD87-C71C-4916-8032-C0A5EF12CB31} - C:\WINDOWS\system32\Hnxak.dll
R3 - URLSearchHook: (no name) - {4F4B4D4E-9E8C-4B71-ABEC-36C929EA0BC5} - C:\WINDOWS\system32\Kfois.dll
R3 - URLSearchHook: (no name) - {07744CBF-64E3-4C18-A146-E38B831898C8} - C:\WINDOWS\system32\Dfwso.dll
R3 - URLSearchHook: (no name) - {48FDE4F7-9C0D-45CF-A149-68243BCF87F8} - C:\WINDOWS\system32\Merha.dll
R3 - URLSearchHook: (no name) - {C6487F85-310A-4794-9FE0-F3C802ABCDE0} - C:\WINDOWS\system32\Htjdu.dll
R3 - URLSearchHook: (no name) - {1C86D49F-998C-4069-AA5A-3EC36815EBD7} - C:\WINDOWS\system32\Hezpj.dll
R3 - URLSearchHook: (no name) - {25E681C1-3B93-40CC-87D0-A4A389D08C6C} - C:\WINDOWS\system32\Dcbt.dll
R3 - URLSearchHook: (no name) - {96383912-B90D-452F-9533-F27E0C9C4A4A} - C:\WINDOWS\system32\Lggd.dll
R3 - URLSearchHook: (no name) - {59482D51-9A66-4A3F-A11C-E1D07377D567} - C:\WINDOWS\system32\Viqbp.dll
R3 - URLSearchHook: (no name) - {0D451658-CC3B-4DD1-9724-0B9E5A56308F} - C:\WINDOWS\system32\Dplz.dll
R3 - URLSearchHook: (no name) - {19E6153F-18E9-4A6D-885D-A9130CB36DFE} - C:\WINDOWS\system32\Uurf.dll
R3 - URLSearchHook: (no name) - {36BEDCD1-C985-489C-9A70-F4E49D08B301} - C:\WINDOWS\system32\Hhjpvz.dll
R3 - URLSearchHook: (no name) - {2920D630-430C-487E-84EE-8BEF157F339B} - C:\WINDOWS\system32\Jnqj.dll
R3 - URLSearchHook: (no name) - {1BADF119-B409-41F3-BCA0-2FF74D78DAAD} - C:\WINDOWS\system32\Ohishd.dll
R3 - URLSearchHook: (no name) - {915A7D65-F1E8-464C-B56E-4B274374283C} - C:\WINDOWS\system32\Lnwm.dll
R3 - URLSearchHook: (no name) - {AFCB837C-AF4E-4F34-9EEE-C64819111B23} - C:\WINDOWS\system32\Ptqax.dll
O2 - BHO: (no name) - {07744CBF-64E3-4C18-A146-E38B831898C8} - C:\WINDOWS\system32\Dfwso.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {0D451658-CC3B-4DD1-9724-0B9E5A56308F} - C:\WINDOWS\system32\Dplz.dll
O2 - BHO: (no name) - {19E6153F-18E9-4A6D-885D-A9130CB36DFE} - C:\WINDOWS\system32\Uurf.dll
O2 - BHO: (no name) - {1BADF119-B409-41F3-BCA0-2FF74D78DAAD} - C:\WINDOWS\system32\Ohishd.dll
O2 - BHO: (no name) - {1C86D49F-998C-4069-AA5A-3EC36815EBD7} - C:\WINDOWS\system32\Hezpj.dll
O2 - BHO: (no name) - {1ED2A9E5-FEDA-4934-B916-A6BDFB213ED6} - C:\WINDOWS\system32\Sndbm.dll
O2 - BHO: (no name) - {25E681C1-3B93-40CC-87D0-A4A389D08C6C} - C:\WINDOWS\system32\Dcbt.dll
O2 - BHO: (no name) - {2920D630-430C-487E-84EE-8BEF157F339B} - C:\WINDOWS\system32\Jnqj.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: (no name) - {36BEDCD1-C985-489C-9A70-F4E49D08B301} - C:\WINDOWS\system32\Hhjpvz.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: (no name) - {48FDE4F7-9C0D-45CF-A149-68243BCF87F8} - C:\WINDOWS\system32\Merha.dll
O2 - BHO: (no name) - {4F4B4D4E-9E8C-4B71-ABEC-36C929EA0BC5} - C:\WINDOWS\system32\Kfois.dll
O2 - BHO: (no name) - {59482D51-9A66-4A3F-A11C-E1D07377D567} - C:\WINDOWS\system32\Viqbp.dll
O2 - BHO: (no name) - {5C4BCD87-C71C-4916-8032-C0A5EF12CB31} - C:\WINDOWS\system32\Hnxak.dll
O2 - BHO: QQIEHelper - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\DOCUME~1\CHENGS~1\LOCALS~1\Temp\SSLive.dll
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: (no name) - {915A7D65-F1E8-464C-B56E-4B274374283C} - C:\WINDOWS\system32\Lnwm.dll
O2 - BHO: (no name) - {96383912-B90D-452F-9533-F27E0C9C4A4A} - C:\WINDOWS\system32\Lggd.dll
O2 - BHO: (no name) - {AFCB837C-AF4E-4F34-9EEE-C64819111B23} - C:\WINDOWS\system32\Ptqax.dll
O2 - BHO: (no name) - {C6487F85-310A-4794-9FE0-F3C802ABCDE0} - C:\WINDOWS\system32\Htjdu.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
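O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - Global Startup: DuDu下载加速器.lnk = ? (Start - Programs - Startup)
Fix and delete these.
I suggest you go into safe mode and clean the system with the pinned "Malware Cleanup Assistant" (恶意软件清理助手), then take another scan log and compare it against the items above; anything that still hasn't been removed, fix and delete by hand, and clear the IE cache and the system temp folder!
Originally posted by 网络vs浪子 at 2006-7-3 10:05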
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
R3 - URLSearchHook: (no name) - {1ED2A9E5-FEDA-4934-B916-A6BDFB ...
Logfile of HijackThis v1.99.1
Scan saved at 11:03:37, on 2006-7-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\tools\Tencent\qq\QQ.exe
D:\tools\Tencent\qq\TIMPlatform.exe
C:\Documents and Settings\chengshidai\桌面\程正楠\安装文件\HijackThis.exe
C:\Program Files\Kingsoft\FastAIT\FastAIT.exe
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\tools\Tencent\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\tools\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\tools\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\tools\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\tools\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\tools\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O11 - Options group: [TBH]   搜搜地址栏搜索
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) -

O16 - DPF: {32D72994-45B9-42B5-8980-FB561D1BE2D0} (nEdit Control) -

O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) -

O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) -

O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (PhotoUploadCtrl Control) -

O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) -

O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) -

O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) -

O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) -

O16 - DPF: {DE3496D2-AFB9-47EB-A8C2-C3B330222513} (PhotoUpload Control) -

O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) -

O16 - DPF: {FCEFD5DD-7152-4317-ABC1-16682376EE7A} (dddolsp Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A299A0-EEBB-4C76-AE0F-252665E15617}: NameServer = 211.94.33.193,211.91.120.129
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
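A few are still there after fixing.. what do I do about the ones that remain..
That CnsMin is especially annoying.. every time I boot there are always N dialog boxes.. saying there was an error loading C:\WINDOWS\DOWNL~1\CnsMin.dll, %1 is not a valid Win32 application.
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll (file missing)
O11 - Options group: [TBH]   搜搜地址栏搜索
Just fix these. I suggest running the cleanup once more.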
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
After fixing, delete "C:\WINDOWS\DOWNLO~1\CnsHook.dll"
O4 - Startup: 腾讯QQ.lnk = D:\tools\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
These don't need to run at startup, do they? They are Startup items in the Start menu!
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
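These three just can't be fixed..
This always shows up at boot..
It seems safe mode can't be used on my computer at home..
I remember it used to work..
Now I don't know how to get into safe mode anymore..
At boot there are just two choices.. Ctrl F2 and pressing Delete directly.
Enter safe mode and clean with the malware cleanup tool; for how exactly to enter safe mode, see
Thanks, moderator.. :P
I'll go try it now..
The others have been deleted..
It's just that CnsMin still can't be deleted..
In a fit of anger I deleted that thing's registry entries. In the end I cleaned it out with "Malware Cleanup".. I don't know yet whether it will come back once I return to normal mode..
I have already turned off System Restore.. but there is one file (CnsMinKP, also part of 3721) that just can't be deleted. After I delete it, it comes back on refresh.
Then there are the two pieces of malware..
One of them can't be cleaned..
There are always fragments or something..
It says that restarting and cleaning again will solve the problem..
I've restarted several times and it still doesn't work..
The other one was cleaned..
But when I scan again that software is still there..
It's like this every time.. every time there are malicious fragments..
Cleaning a few more times doesn't help either..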
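
Editor's added example, not part of the original thread: the moderator's advice to rescan and compare the new log against the flagged entries, done as a script. The function names and the keying scheme are assumptions; the two sample inputs are excerpted from the logs in this thread with the `[name]` brackets restored.

```python
import re

# "<section> - <detail>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# Excerpt of the moderator's fix list (localized log).
FIX_LIST = r"""
O2 - BHO: (no name) - {07744CBF-64E3-4C18-A146-E38B831898C8} - C:\WINDOWS\system32\Dfwso.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
"""

# Excerpt of the rescan posted afterwards (English log).
RESCAN = r"""
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\tools\Tencent\qq\QQIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
"""


def parse_entries(log_text):
    """Map (section, identifier) -> (original line, file_missing flag)."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or forum prose
        section, detail = m.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(detail)
        if clsid:
            ident = clsid.group(0).upper()
        else:
            # Localized builds translate the label before ": ",
            # so key on the value after it (assumption of this example).
            ident = " ".join(detail.split(": ", 1)[-1].split()).lower()
        entries[(section, ident)] = (line, missing)
    return entries


def still_present(fix_list_text, rescan_text):
    """Return [(section, identifier, status)] for flagged entries seen again."""
    flagged = parse_entries(fix_list_text)
    rescan = parse_entries(rescan_text)
    leftovers = []
    for key in flagged:
        if key in rescan:
            if rescan[key][1]:
                status = "registry entry only (file missing)"
            else:
                status = "entry and file present"
            leftovers.append((key[0], key[1], status))
    return leftovers


if __name__ == "__main__":
    for section, ident, status in still_present(FIX_LIST, RESCAN):
        print(section, ident, status)
```

An entry reported as "registry entry only" means the file was removed but the registry value that references it was not, which is why it keeps showing up in later scans.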