caobihole
Encountering Trojan.Alipop, microinfo.dll, gofwk.pic, game.dll, qpjmy.exe, nnaa.exe, SafeDrv.exe, etc. (1)

 

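  A friend's computer recently developed problems: after reaching the desktop it took a long time before it would respond; the 360 antivirus software would not start; many advertising web page windows popped up on their own; the IE browser was hijacked to hxxp://www.97796.cn/?205486; and many advertising icons such as "致富秘诀" ("Secrets to Getting Rich") appeared on the desktop by themselves, coming back a while after being deleted. I was asked to help check and repair it.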

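  I scanned the system with pe_xscan to produce a log; surprisingly, it could not check the files' digital signatures. After processing the log with a log analysis tool, I found the following suspicious items (part of the process-module section is omitted):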


/===

pe_xscan 10-03-26 by Purple Endurer
2010-6-21 17:41:30
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式
[System Process]*0
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/system32/winlogon.exe*992|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Windows NT Logon Application|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|winlogon|WINLOGON.EXE
  C:/WINDOWS/system32/winlib .dll
  C:/WINDOWS/system32/syslib .dll
C:/WINDOWS/system32/lsass.exe*1048|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|LSA Shell (Export Version)|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|lsass.exe|lsass.exe
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/svchost.exe*1280|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  c:/progra~1/qteri/gwrcd.biz|2010-6-21 13:20:7
  c:/program files/google/ac.exe%sessionname%/gofwk.pic
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/explorer.exe*1704|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Windows Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|explorer|EXPLORER.EXE
  C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/WINDOWS/system32/nsDk.dll
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/WINDOWS/System32/dysgn.dll|2010-6-21 17:20:40|testAtl Module|1, 0, 0, 1|testAtl Module|Copyright 2009|1, 0, 0, 1||?|testAtl|testAtl.DLL
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/WINDOWS/system32/dysg9.dll|2010-6-21 17:20:40|MyTest3 Dynamic Link Library|1, 0, 0, 1|MyTest3|版权所有 (C) 2008|1, 0, 0, 1|||MyTest3|MyTest3.DLL
  C:/WINDOWS/system32/msxmlw.dll|2010-6-21 17:32:1
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
  C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
  C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
  C:/WINDOWS/System32/HtmlUI.dll|2010-6-21 12:19:50|HtmlPeek 动态链接库|1, 0, 0, 1|microsoft dll|Copyright (C) 2009|1, 0, 0, 1|上海国际通讯|?|HtmlPeek|HtmlPeek.dll
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/PROGRA~1/CNRN/RNMain.exe*1832|2009-12-1 11:36:18|中文上网2007|2.0.0.0|RNMain|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNMain|RNMain.exe
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/CNRN/RNList.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNList|版权所有 (C) 2007|2.0.8.1028|国风因特软件(北京)有限公司||RNList|RNList.dll
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
C:/PROGRA~1/CNRN/RNMain.exe*1844|2009-12-1 11:36:18|中文上网2007|2.0.0.0|RNMain|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNMain|RNMain.exe
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
  C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
  C:/PROGRA~1/CNRN/RNNtfy.dll|2009-12-2 8:32:0|中文上网2007|2.0.0.0|RNNtfy|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNNtfy|RNNtfy.dll
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
C:/WINDOWS/system32/svchost.exe*2020|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  c:/windows/system32/catius/vioauqadcait.dll|2010-6-21 17:23:55
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/fbes.exe*2044|2010-6-21 14:17:1
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/188d.exe*356|2010-6-21 12:13:18
C:/Program Files/Internet Explorer/Mfc42.sys*400|2010-6-21 12:19:28|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/system32Antihhlul.exe*428|2010-6-21 15:17:52|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/rundll32.exe*524|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Run a DLL as an App|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2105)|Microsoft Corporation|?|rundll|RUNDLL.EXE
  C:/WINDOWS/system32/b2fe.dll|2010-6-21 12:13:18|p.dll|1, 0, 0, 1|Play.dll|Beijing Angels Technology ltd. All rights reserved.|1, 0, 0, 1|Beijing Angels Technology ltd.|?|?|?
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
C:/WINDOWS/system32/upd86D.tmp.exe*556|2010-6-21 13:41:29
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/qpjmy.exe*580|2010-6-21 13:20:35
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/svchost.exe*596|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  c:/windows/system32/nethome32.dll|2010-6-21 14:10:35
C:/Program Files/Pe/PeServer.exe*612|2010-6-21 12:12:54||1.0.0.0|||1.0.0.0||||
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/nnaa.exe*760|2010-6-21 16:34:45
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/alg.exe*2224|2008-4-14 20:0:0
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/Program Files/Internet Explorer/IEXPLORE.EXE*2324|2009-11-24 9:30:6|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Internet Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|iexplore|IEXPLORE.EXE
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNExtend.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNExtend|版权所有 (C) 2007|2.0.5.1029|国风因特软件(北京)有限公司||RNExtend|RNExtend.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
  C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
  C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
  C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
C:/PROGRA~1/Yahoo!/ASSIST~1/ylive.exe*2548|2009-12-1 11:36:23|YLive|3, 2, 6, 1032|YLive|Copyright 2005 Yahoo! China|3, 2, 6, 1032|Yahoo! China||YLive|YLive.exe
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDCertM_ABC.exe*2572|2009-12-31 10:15:37|Agricultural Bank of China Monitor|3, 2, 0, 0|monitor|版权所有 (C) 2007|3, 2, 0, 0|Agricultural Bank of China||CertM|CertM.EXE
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/TokenMgr.dll|2009-12-31 10:15:37|SAFE 3.2|3, 6, 3, 2|Token Management Program v3.2|Copyright ? 2007.3|3, 6, 3, 2|Agricultural Bank of China||TokenMgr|TokenMgr.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDAlg.DLL|2009-12-31 10:15:37|ABCSAFE 3.0|3, 5, 12, 20|ABC Cipher Arithmetic Library V3.0|Copyright ? 2005|3, 5, 12, 20|ABC C0., Ltd.||WDAlg|WDAlg.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/wdkmgr.dll|2009-12-31 10:15:37|Watchdata wdkmgr DLL|1, 0, 0, 39|wdkmgr|Copyright 2008 Watchdata|1, 0, 0, 39|Watchdata||wdkmgr|wdkmgr.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/wdpkcs.dll|2009-12-31 10:15:37|ABC 3.1|3, 6, 2, 15|PKCS#11 Interfce Library V3.1|Copyright ? 2006|3, 6, 2, 15|ABC||WDPKCS|WDPKCS.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDCSPUI.dll|2009-12-31 10:15:37|WatchSAFE 3.2|3, 5, 12, 20|CSP User Interface V3.2|Copyright ? 2007|3, 5, 12, 20|Beijing WatchData System Co., Ltd.||WDCSPUI|WDCSPUI.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/UIResC3.DLL|2009-12-31 10:15:37|WDCSPUI Dynamic Link Library|3, 5, 12, 14|UI Chinese Resource DLL|Copy Right (C) 2005|3, 5, 12, 14|||WDSAFEUI|WDSAFEUI.DLL
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDEvent.dll|2009-12-31 10:15:37|WDEvent Dynamic Link Library|1, 0, 0, 1|WDEvent DLL|版权所有 (C) 2007|1, 0, 0, 1|||WDEvent|WDEvent.DLL
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
C:/WINDOWS/system32/9E8B99/047E1F.EXE*2600|2010-1-27 8:55:5
  C:/WINDOWS/system32/9E8B99/krnln.fnr|2010-1-27 8:55:4
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/WINDOWS/system32/9E8B99/com.run|2010-1-27 8:55:5|com Dynamic Link Library|1, 0, 0, 1|com DLL|版权所有 (C) 2004|1, 0, 0, 1|||com|com.DLL
  C:/WINDOWS/system32/9E8B99/shell.fne|2010-6-12 15:23:15
  C:/WINDOWS/system32/9E8B99/dp1.fne|2010-1-27 8:55:4
  C:/WINDOWS/system32/9E8B99/eAPI.fne|2010-1-27 8:55:4
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/WINDOWS/system32/9E8B99/internet.fne|2010-1-27 8:55:5|internet Dynamic Link Library|1, 0, 0, 1|internet DLL|版权所有 (C) 2002|1, 0, 0, 1|||internet|internet.DLL
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
C:/WINDOWS/kai/smss.exe*2672|2010-6-21 13:19:43|ie|1.00|Windows操作系统进程,调用对话管理子系统和负责操作系统对话。|?|1.00|微软|?|smss|smss.exe
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/system32/41.exe*2696|2010-6-21 12:13:46|||文件夹||||||
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
C:/WINDOWS/ali.exe*2752
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/Program Files/Internet Explorer/IEXPLORE.EXE*4008|2009-11-24 9:30:6|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Internet Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|iexplore|IEXPLORE.EXE
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll|2009-12-2 10:5:19|yScrBlock module|3, 0, 3, 1004|yScrBlock|Copyright (2005) Yahoo! China|3, 0, 3, 1004|Yahoo! China|Yahoo!|yScrBlock|yScrBlock.dll
  C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
  C:/PROGRA~1/CNRN/RNExtend.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNExtend|版权所有 (C) 2007|2.0.5.1029|国风因特软件(北京)有限公司||RNExtend|RNExtend.dll
  C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
  C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
  C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
  C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
  C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll|2009-12-7 8:51:38|yPhtb|3, 1, 2, 1013|yPhtb|Copyright 2005 Yahoo! China|3, 1, 2, 1013|Yahoo! China|||yPhtb.dll
  C:/WINDOWS/system32/nsDk.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL|2009-12-2 10:5:17|DragSearch|3, 1, 1, 1013|DragSearch|Copyright 2005 yahoo! china|3, 1, 1, 1013|yahoo! china|||ydragsearch.dll
  C:/WINDOWS/sogo/3607.667178.dll|2010-6-21 12:12:37|safemon|5.03.0251|?|?|5.03.0251|深圳快播软件技术有限公司|?|Qvod109|Qvod109.dll
  C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
  C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yflashdl.dll|2009-12-8 8:50:52|yFlashDl|3, 1, 1, 1025|Flash video download|Copyright 2007 Yahoo! China|3, 1, 1, 1025|Yahoo! China|||yFlashDl.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar0.dll|2009-12-7 8:51:35|IE ToolBand|3, 5, 1, 1128|IE ToolBand|Copyright 2006 yahoo! china|3, 5, 1, 1128|yahoo! china||ToolBand|ToolBand.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ysearch.dll|2009-12-7 8:51:41|WebSearch Plugin Module|3, 3, 0, 1035|WebSearch Plugin|Copyright 2006 Yahoo! China|3, 3, 0, 1035|Yahoo! China||ySearch|ySearch.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasnoad.dll|2009-12-1 14:58:45|ADKiller Module|3, 0, 7, 1009|ADKiller Module|Copyright 2004 yahoo! china|3, 0, 7, 1009|yahoo! china||ADKiller|ADKiller.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yzsNetProto.dll|2009-12-2 10:5:17|yzsNetProto Module|3, 0, 5, 1006|yzsNetProto.dll|Copyright (2005) Yahoo! China|3, 0, 5, 1006|Yahoo! China||yzsNetProto|yzsNetProto.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yrss.dll|2009-12-7 8:51:39|yRss Module|3, 1, 0, 1011|yRss Module|Copyright (2005) Yahoo! China|3, 1, 0, 1011|Yahoo! China||yRss|yRss.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yaswiper.dll|2009-12-2 10:5:17|Yahoo yTWiper|3, 1, 2, 1012|yTWiper|Copyright (2005) Yahoo! China|3, 1, 2, 1012|Yahoo! China||yTWiper|yTWiper.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasiesec.dll|2009-12-2 10:5:16|yIESecUI module|3, 1, 3, 1015|yIESecUI|Copyright (2005) Yahoo! China|3, 1, 3, 1015|Yahoo! China|Yahoo!|IESecUI|yIESecUI.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YSETTI~1.DLL|2009-12-2 10:5:5|ysettings|3, 3, 0, 1044|ysettings|Copyright 2006 yahoo! china|3, 3, 0, 1044|yahoo! china||ysettings|ysettings.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ymailp.dll|2009-12-8 8:50:50||3, 0, 7, 1013|YMail Alert||3, 0, 7, 1013|Yahoo! China||ymailp.dll|ymailp.dll
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ymyweb.dll|2009-12-8 8:50:52|yMyWeb Module|3, 0, 5, 1007|yMyWeb Module|2006 Yahoo! China|3, 0, 5, 1007|Yahoo! China||yMyWeb|yMyWeb.DLL
  C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ypagetr.dll|2009-12-8 8:50:52|yPageTr Module|3, 0, 1, 1006|yPageTr Module|Copyright 2007|3, 0, 1, 1006|||yPageTr|yPageTr.DLL
  C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
  C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exeC:/WINDOWS/system32/wbem/360tray.exe>|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Userinit Logon Application|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|userinit|USERINIT.EXE
O2 - IeAddOn(HklmExPr) - JsObject Class - {11CC93E4-0BE6-4f8f-82AA-D577FB955B05} =C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
O2 - IeAddOn(HklmExPr) - Yahoo!Live - {57421194-58FB-49ae-9B4F-FD48869B9AD4} =C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
O2 - IeAddOn(HklmExPr) - assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
O2 - IeAddOn(HkcuExSt) - SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} =C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
O2 - IeAddOn(HkcuExSt) - IETimbar - {1163E531-B58E-4BB9-B877-0906A0A22AEC} =C:/PROGRA~1/INTERN~1/IETimbar/IETimbar.dll|2010-2-8 15:37:8|IETimebar|3.2.0.0|IETimebar|(c). All rights reserved.|3.2.0.0|IETimebar||IEPlugin.dll|IEPlugin.dll
O2 - IeAddOn(HkcuExSt) - - {296AB1B8-FB22-4D17-8834-064E2BA0A6F0} =C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
O2 - IeAddOn(HkcuExSt) - Yahoo!Photo - {33BBE430-0E42-4F12-B075-8D21ACB10DCB} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll|2009-12-7 8:51:38|yPhtb|3, 1, 2, 1013|yPhtb|Copyright 2005 Yahoo! China|3, 1, 2, 1013|Yahoo! China|||yPhtb.dll
O2 - IeAddOn(HkcuExSt) - 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar0.dll|2009-12-7 8:51:35|IE ToolBand|3, 5, 1, 1128|IE ToolBand|Copyright 2006 yahoo! china|3, 5, 1, 1128|yahoo! china||ToolBand|ToolBand.DLL
O2 - IeAddOn(HkcuExSt) - - {57CC5BE6-65FB-4533-B5C3-11DF00ACC50B} =C:/WINDOWS/system32/nsDk.dll
O2 - IeAddOn(HkcuExSt) - DragSearch BHO - {62EED7C6-9F02-42F9-B634-98E2899E147B} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL|2009-12-2 10:5:17|DragSearch|3, 1, 1, 1013|DragSearch|Copyright 2005 yahoo! china|3, 1, 1, 1013|yahoo! china|||ydragsearch.dll
O2 - IeAddOn(HkcuExSt) - QvodAdBlocker.QvodBlock - {8BB42A01-3D28-4143-A5F8-92270BF9A5B5} =C:/WINDOWS/sogo/3607.667178.dll|2010-6-21 12:12:37|safemon|5.03.0251|?|?|5.03.0251|深圳快播软件技术有限公司|?|Qvod109|Qvod109.dll
O2 - IeAddOn(HkcuExSt) - Messenger Class - {923F7368-0DA9-4F50-B87D-1B2F836DB9AD} =C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
O2 - IeAddOn(HkcuExSt) - Safemon class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} =C:/WINDOWS/system32/syspowerues.dll
O2 - IeAddOn(HkcuExSt) - - {D7B21266-AA85-44B8-B516-3B1A69827400} =C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
O2 - IeAddOn(HkcuExSt) - - {E24B9E23-58CF-4938-B383-49C6D744D728} =C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
O2 - IeAddOn(HkcuExSt) - yFlashDl Class - {F166BC04-3C84-44CC-A6E9-2315EC4844B9} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yflashdl.dll|2009-12-8 8:50:52|yFlashDl|3, 1, 1, 1025|Flash video download|Copyright 2007 Yahoo! China|3, 1, 1, 1025|Yahoo! China|||yFlashDl.dll
O2 - IeAddOn(HkcuExSt) - assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} =C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
O4 - HKLM/../run: [CNRN]C:/PROGRA~1/CNRN/RNMain.exeC:/PROGRA~1/CNRN/CNRN.dll,Rundll32
O4 - HKLM/../run: [YLive.exe]C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe
O4 - HKLM/../run: [CNRNRNHelper.dll] C:/PROGRA~1/CNRN/RNMain.exeC:/PROGRA~1/CNRN/RNHelper.dll,Rundll32
O4 - HKLM/../run: [047E1F]C:/WINDOWS/system32/9E8B99/047E1F.EXE
O4 - HKLM/../run: [KAV]c:/windows/kai/smss.exe
O4 - HKLM/../run: [360safebox]C:/WINDOWS/system32/41.exe
O4 - Startup:047E1F.lnk->C:/WINDOWS/system32/9E8B99/047E1F.EXE
O4 - Startup:Coopen播放器.lnk-> "C:/Program Files/Coopen/Coopen.exe" /start
O4 - Global Startup:dlldll.vbe-> Invalid lnk file
O4 - Global Startup:home.lnk->C:/WINDOWS/Temp/tmp.exe
O4 - Global Startup:ie.vbe-> Invalid lnk file
O4 - Global Startup:iecollection.vbe-> Invalid lnk file
O4 - Global Startup:iesearch.vbe-> Invalid lnk file
O4 - Global Startup:ITss.lnk->C:/RECYCLER/ITss.exe
O4 - Global Startup:system.vbe-> Invalid lnk file

C:/autorun.inf
/-----
[AutoRun]
Open=SafeDrv.exe
Shell/Open=打开(&O)
Shell/Open/Command=SafeDrv.exe
Shell/Open/Default=1
Shell/Explore=资源管理器(&X)
Shell/Explore/Command=SafeDrv.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
Open=SafeDrv.exe
Shell/Open=打开(&O)
Shell/Open/Command=SafeDrv.exe
Shell/Open/Default=1
Shell/Explore=资源管理器(&X)
Shell/Explore/Command=SafeDrv.exe
-----/

ms.job-> rundll32C:/WINDOWS/system32/b2fe.dll

O9 - IE工具栏扩展按钮HKLM:小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
O9 - IE工具菜单扩展项HKLM:小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
O10 - LSP: MSAFD Tcpip [TCP/IP] =C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: MSAFD Tcpip [UDP/IP] =C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: MSAFD Tcpip [RAW/IP] =C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: RSVP UDP Service Provider =C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: RSVP TCP Service Provider =C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O11 - IE扩展选项组:!CNRN (中文上网2007) =中文上网2007
O22 - SharedTaskScheduler: (ATlMy Class) - {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} =C:/WINDOWS/System32/dysgn.dll|2010-6-21 17:20:40|testAtl Module|1, 0, 0, 1|testAtl Module|Copyright 2009|1, 0, 0, 1||?|testAtl|testAtl.DLL
O23 - 服务: BAPIDRV (BAPIDRV) -C:/WINDOWS/system32/drivers/BAPIDRV.SYS|2010-5-31 9:29:31|?|1.0.0.1005|BAPIDRV|(C)360.cn Inc.All Rights Reserved.|1.0.0.1005|360.cn|?|BAPIDRV.SYS|BAPIDRV.SYS(系统)
O23 - 服务: CNRNDV (CNRNDV) - system32/drivers/CNRNDV.sys|2009-12-1 14:58:46|中文上网2007|2.0.0.0|CnrnDvXP|版权所有 (C) 2007|2.0.5.1022|国风因特软件(北京)有限公司|?|CnrnDvXP|CnrnDvXP.sys(引导)
O23 - 服务: dticem (Internet Data Services) -C:/WINDOWS/system32/svchost.exe -k dtcGep|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  ->C:/WINDOWS/system32/Catius/vioauqadcait.dll|2010-6-21 17:23:55(自动)
O23 - 服务: fapsdfj (lskdjflk) -C:/WINDOWS/system32/fbes.exe|2010-6-21 14:17:1(自动)
O23 - 服务: hcpidesk (hcpidesk) -C:/WINDOWS/system32/drivers/hcpidesk.sys|2010-6-21 12:29:9(自动)
O23 - 服务: HidServ (Human Interface Device Access) -C:/WINDOWS/System32/svchost.exe -k netsvcs|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  ->C:/PROGRA~1/qteri/gwrcd.biz|2010-6-21 13:20:7(自动)
O23 - 服务: Mdlea (Mdlea) -C:/WINDOWS/system32/188d.exe|2010-6-21 12:13:18(自动)
O23 - 服务: MediaCdzmuu (MS Media Condwub Center) -C:/WINDOWS/system32Antihhlul.exe|2010-6-21 15:17:52|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: MediaCnyrns (MS Media Conffhc Center) -C:/WINDOWS/system32Antiaqrel.exe|2010-6-21 13:24:14|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: MediaCzwkmz (MS Media Consskh Center) -C:/WINDOWS/system32/Antieblhk.exe|2010-6-21 17:25:45|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: Messenger (Messenger) -C:/WINDOWS/system32/svchost.exe-k netsvcs|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  ->C:/Program Files/Google/ac.exe%SESSIONNAME%/gofwk.pic(自动)
O23 - 服务: Microsoft Office Word (Microsoft Office Word) -C:/WINDOWS/system32/upd86D.tmp.exe|2010-6-21 13:41:29(自动)
O23 - 服务: Ms-tl_Srv (ms-tl) -C:/WINDOWS/tinlater.exe(自动)
O23 - 服务: National (National Instruments Domain Service) -C:/WINDOWS/system32/qpjmy.exe|2010-6-21 13:20:35(自动)
O23 - 服务: NetHomeIDE (NetHomeIDE) -C:/WINDOWS/system32/svchost.exe -k mysysgroup3|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  ->C:/WINDOWS/system32/nethome32.dll|2010-6-21 14:10:35(自动)
O23 - 服务: PeService (PeServer) -C:/Program Files/Pe/PeServer.exe|2010-6-21 12:12:54||1.0.0.0|||1.0.0.0||||(自动)
O23 - 服务: plqiz (plqiz) - system32/drivers/ftbff.sys||1, 0, 0, 1||Copyright 2009|1, 0, 0, 1|Microsoft Corporation|||(引导)
O23 - 服务: pnpmem (pnpmem) -C:/WINDOWS/system32/drivers/pnpmem.sys|2010-6-21 12:38:51(自动)
O23 - 服务: R2A (R2A) -C:/WINDOWS/system32a2.sys(禁用)
O23 - 服务: werer (kuiiuk) -C:/WINDOWS/system32/nnaa.exe|2010-6-21 16:34:45(自动)
O23 - 服务: WinHelp32 (Windows Help System) -C:/WINDOWS/system32/WinHelp32.exe|2010-6-21 12:14:36|Rising AntiVirus 2009|21.00|RavCopy Module|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|ravcopy.exe(自动)
O23 - 服务: yaskp (yaskp) - system32/drivers/yaskp.sys|2010-6-12 8:24:33|KMD|KMD|KMD|Copyright (c) yahoo Corporation.|3.0.9.1010|Copyright (C) yahoo Corporation.|?|yaskp.sys|yaskp.sys(引导)
O24 - ShlExecHook: [] - {D7B21266-AA85-44b8-B516-3B1A69827400} =C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
O24 - ShlExecHook: [] - {DD7D4640-4464-48C0-83FD-21338366D2D3} =C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
O26 - IFEO: 360deepscan.exe -> ntsd -d
O26 - IFEO: 360hotfix.exe -> ntsd -d
O26 - IFEO: 360rp.exe -> ntsd -d
O26 - IFEO: 360rpt.exe -> ntsd -d
O26 - IFEO: 360Safe.exe -> ntsd -d
O26 - IFEO: 360safebox.exe -> ntsd -d
O26 - IFEO: 360sd.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: AntiArp.exe -> ntsd -d
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: arvmon.exe -> ntsd -d
O26 - IFEO: AutoGuarder.exe -> ntsd -d
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: avcenter.exe -> ntsd -d
O26 - IFEO: avgaurd.exe -> ntsd -d
O26 - IFEO: avgnt.exe -> ntsd -d
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: avp.com -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: DSMain.exe -> ntsd -d
O26 - IFEO: egui.exe -> ntsd -d
O26 - IFEO: ekrn.exe -> ntsd -d
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: findt2005.exe -> ntsd -d
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> ntsd -d
O26 - IFEO: IsHelp.exe -> ntsd -d
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: kabaload.exe -> ntsd -d
O26 - IFEO: KaScrScn.SCR -> ntsd -d
O26 - IFEO: KASMain.exe -> ntsd -d
O26 - IFEO: KASTask.exe -> ntsd -d
O26 - IFEO: KAV32.exe -> ntsd -d
O26 - IFEO: KAVDX.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> ntsd -d
O26 - IFEO: KAVSetup.exe -> ntsd -d
O26 - IFEO: KAVStart.exe -> ntsd -d
O26 - IFEO: killhidepid.exe -> ntsd -d
O26 - IFEO: KISLnchr.exe -> ntsd -d
O26 - IFEO: kissvc.exe -> ntsd -d
O26 - IFEO: KMailMon.exe -> ntsd -d
O26 - IFEO: KMFilter.exe -> ntsd -d
O26 - IFEO: KPFW32.exe -> ntsd -d
O26 - IFEO: KPFW32X.exe -> ntsd -d
O26 - IFEO: KPFWSvc.exe -> ntsd -d
O26 - IFEO: KRepair.COM -> ntsd -d
O26 - IFEO: krnl360svc.exe -> ntsd -d
O26 - IFEO: KsLoader.exe -> ntsd -d
O26 - IFEO: kswebshield.exe -> ntsd -d
O26 - IFEO: KVCenter.kxp -> ntsd -d
O26 - IFEO: KvDetect.exe -> ntsd -d
O26 - IFEO: kvfw.exe -> ntsd -d
O26 - IFEO: KvfwMcl.exe -> ntsd -d
O26 - IFEO: KVMonXP.kxp -> ntsd -d
O26 - IFEO: KVMonXP_1.kxp -> ntsd -d
O26 - IFEO: kvol.exe -> ntsd -d
O26 - IFEO: kvolself.exe -> ntsd -d
O26 - IFEO: KvReport.kxp -> ntsd -d
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> ntsd -d
O26 - IFEO: KVStub.kxp -> ntsd -d
O26 - IFEO: kvupload.exe -> ntsd -d
O26 - IFEO: kvwsc.exe -> ntsd -d
O26 - IFEO: KvXP.kxp -> ntsd -d
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> ntsd -d
O26 - IFEO: KWatch9x.exe -> ntsd -d
O26 - IFEO: KWatchX.exe -> ntsd -d
O26 - IFEO: LiveUpdate360.exe -> ntsd -d
O26 - IFEO: loaddll.exe -> ntsd -d
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: McNAsvc.exe -> ntsd -d
O26 - IFEO: McProxy.exe -> ntsd -d
O26 - IFEO: Mcshield.exe -> ntsd -d
O26 - IFEO: Mcsysmon.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: NAVSetup.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> ntsd -d
O26 - IFEO: nod32kui.exe -> ntsd -d
O26 - IFEO: PFW.exe -> ntsd -d
O26 - IFEO: PFWLiveUpdate.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: Rav.exe -> ntsd -d
O26 - IFEO: RavCopy.exe -> ntsd -d
O26 - IFEO: RavMon.exe -> ntsd -d
O26 - IFEO: RavMonD.exe -> ntsd -d
O26 - IFEO: RavStore.exe -> ntsd -d
O26 - IFEO: RavStub.exe -> ntsd -d
O26 - IFEO: ravt08.exe -> ntsd -d
O26 - IFEO: RavTask.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> ntsd -d
O26 - IFEO: RegEx.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> ntsd -d
O26 - IFEO: RfwMain.exe -> ntsd -d
O26 - IFEO: rfwolusr.exe -> ntsd -d
O26 - IFEO: rfwProxy.exe -> ntsd -d
O26 - IFEO: rfwsrv.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: Rsaupd.exe -> ntsd -d
O26 - IFEO: RsMain.exe -> ntsd -d
O26 - IFEO: rsnetsvr.exe -> ntsd -d
O26 - IFEO: RSTray.exe -> ntsd -d
O26 - IFEO: runiep.exe -> ntsd -d
O26 - IFEO: safebank.exe -> ntsd -d
O26 - IFEO: safeboxTray.exe -> ntsd -d
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: scan32.exe -> ntsd -d
O26 - IFEO: ScanFrm.exe -> ntsd -d
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: smartassistant.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: SREng.exe -> ntsd -d
O26 - IFEO: SREngPS.exe -> ntsd -d
O26 - IFEO: SuperKiller.exe -> ntsd -d
O26 - IFEO: symlcsvc.exe -> ntsd -d
O26 - IFEO: syscheck.exe -> ntsd -d
O26 - IFEO: Syscheck2.exe -> ntsd -d
O26 - IFEO: SysSafe.exe -> ntsd -d
O26 - IFEO: ToolsUp.exe -> ntsd -d
O26 - IFEO: TrojanDetector.exe -> ntsd -d
O26 - IFEO: Trojanwall.exe -> ntsd -d
O26 - IFEO: TrojDie.kxp -> ntsd -d
O26 - IFEO: UIHost.exe -> ntsd -d
O26 - IFEO: UmxAgent.exe -> ntsd -d
O26 - IFEO: UmxAttachment.exe -> ntsd -d
O26 - IFEO: UmxCfg.exe -> ntsd -d
O26 - IFEO: UmxFwHlp.exe -> ntsd -d
O26 - IFEO: UmxPol.exe -> ntsd -d
O26 - IFEO: UpLive.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> ntsd -d
O26 - IFEO: ZhuDongFangYu.exe -> ntsd -d
O26 - IFEO: zxsweep.exe -> ntsd -d
O29 - HKCU-Start Page = hxxp://www.97796.cn/?205486
O29 - HKCU-Search Page = hxxp://www.yahoo.com.cn
O29 - HKCU-Search Bar = hxxp://www.addresscn.com/srchasst.htm
O29 - HKLM-Start Page = hxxp://www.97796.cn/?205486
O29 - HKLM-Search Page = hxxp://www.yahoo.com.cn
O29 - HKLM-Default_Page_URL = hxxp://www.wz157.cn
HKLM/SHOWALL 值非1
ScrSave =C:/Program Files/Coopen/Coopen.scr|2010-4-26 14:46:52|CoopenSaveScreen|5, 0, 0, 103|CoopenSaveScreen|(c) 北京首都在线网络技术有限公司. All rights reserved.|5, 0, 0, 103|北京首都在线网络技术有限公司|北京首都在线网络技术有限公司|CoopenUI|CoopenSaveScreen.src

===/
