遭遇Win32.Loader.c,Trojan.PSW.Win32.GameOnline,Trojan.PSW.Win32.AskTao等1

简介: 遭遇Win32.Loader.c,Trojan.PSW.Win32.GameOnline,Trojan.PSW.Win32.AskTao等1

昨天中午,一位网友说他的电脑双击打不开磁盘,运行程序时防火墙就询问是否允许该程序访问网络,让偶帮忙检查。

下载 pe_xscan 扫描 log 并分析,发现如下可疑项(进程模块部分有省略):

/===

pe_xscan 07-08-30 by Purple Endurer
2007-11-21 12:56:35
Windows XP Service Pack 2(5.1.2600)
管理员用户组 
[System Process] * 0
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/fydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qqdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/cqdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qhdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/zxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/tldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wddoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/rxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qjdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dadoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wgdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/csdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wodoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mhdoor0.dll | 2004-8-4 0:52:32
C:/WINDOWS/Explorer.EXE * 1684 | 2004-8-4 0:52:32 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dll | 2006-12-5 11:12:50 | ypatch | 3, 1, 7, 1023 | ypatch | Copyright 2005 Yahoo! China | 3, 1, 7, 1023 | Yahoo! China |  | ypatch | ypatch.exe
    C:/Program Files/Internet Explorer/OnlO0r.dll | 2007-11-20 15:23:24 | Microsoft Windows Operating System | 6.00.2900.3028 | Microsoft Corporation Windows DLL | Copyright (C) 2001.01 | 1. 0. 0. 1 | Microsoft Corporation| ? | Windows.dll   | Windows.dll
    C:/WINDOWS/system32/mhdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/wodoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/csdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wgdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dadoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qjdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/rxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wddoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/tldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/zxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qhdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/cqdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/fydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qqdoor0.dll | 2004-8-4 0:52:32
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/3721/alrex.dll | 2007-7-2 17:27:8 | 中文上网 | 2.5.0.1001 | alrex | 版权所有 (C) 2007 | 2.5.1.1003 | 国风因特软件(北京)有限公司 |  | alrex | alrex.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-10-19 15:14:56 | 中文上网 | 2.5.0.1001 | autolvup | 版权所有 (C) 2007 | 2.5.7.1012 | 国风因特软件(北京)有限公司 |  | autolvup | AutoLive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll | 2007-11-8 16:41:28 | AutoLive Module | 3, 7, 9, 1139 | AutoLive Module | Copyright 2005 yahoo! china | 3, 7, 9, 1139 | yahoo! china |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-11-15 17:48:36 |   LiveEx | 3, 0, 2, 1011 | LiveEx | Copyright 2005 Yahoo! China | 3, 0, 2, 1011 | Yahoo! China |  | LiveEx | LiveEx.dll
    C:/PROGRA~1/baidu/bar/baidubar.dll | 2007-11-7 14:40:56 | BaiduBar Module | 2, 0, 2, 158 | BaiduBar Module | Copyright 2005 | 2, 0, 2, 158 | Baidu.com, Inc. |  | BaiduBar | BaiduBar.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-11-15 17:50:20 | yPhtb | 3, 0, 5, 1007 | yPhtb | Copyright 2005 Yahoo! China | 3, 0, 5, 1007 | Yahoo! China |  |  | yPhtb.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-11-1 17:15:22 | DragSearch | 3, 0, 8, 1010 | DragSearch | Copyright 2005 yahoo! china | 3, 0, 8, 1010 | yahoo! china |  |  | ydragsearch.dll
    C:/Program Files/Common Files/fjOs0r.dll | 2007-11-12 11:33:48 | Microsoft Windows Operating System | 6.00.2900.3028 | Microsoft Corporation Windows DLL | Copyright (C) 2001.01 | 1. 0. 0. 1 | Microsoft Corporation| ? | Windows.dll   | Windows.dll
    C:/WINDOWS/downlo~1/CnsHook.dll | 2007-6-11 16:13:14 | 中文上网 | 2.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.6 | 国风因特软件(北京)有限公司 |  | CnsHook | CnsHook.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll | 2006-11-15 17:45:58 | yAssist Module | 3, 1, 2, 1017 | Assist Module | Copyright (2005) Yahoo! China | 3, 1, 2, 1017 | Yahoo! China | Yahoo! | yAssist | yAssist.DLL
    C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll | 2004-8-4 8:50:56 | Microsoft? Windows? Operating System | 5.1.3102.2180 | Microsoft GDI+ | ? Microsoft Corporation. All rights reserved. | 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | gdiplus | gdiplus
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ywiper.dll | 2006-11-15 17:52:34 |  Wiper 动态链接库 | 3, 0, 2, 1002 | Wiper 动态链接库 | Copyright 2005 Yahoo! China | 3, 0, 2, 1002 | Yahoo! China| ? | Wiper | ywiper.dll
    C:/WINDOWS/downlo~1/CnsMinIO.dll | 2007-8-8 13:35:32 | 中文上网 | 2.5.0.1001 | CnsMinIO | 版权所有 (C) 2007 | 2.5.0.6 | 国风因特软件(北京)有限公司 |  | CnsMinIO | CnsMinIO.dll
    C:/WINDOWS/downlo~1/cnsio.dll | 2007-8-8 13:35:32 | 中文上网 | 2, 5, 0, 1001 | CnsIO | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsIO | CnsIO.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll | 2007-11-1 17:10:52 | IE ToolBand | 3, 4, 6, 1123 | IE ToolBand | Copyright 2006 yahoo! china | 3, 4, 6, 1123 | yahoo! china |  | ToolBand | ToolBand.DLL
C:/WINDOWS/system32/Rundll32.exe * 1788 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/downlo~1/CnsMinIO.dll | 2007-8-8 13:35:32 | 中文上网 | 2.5.0.1001 | CnsMinIO | 版权所有 (C) 2007 | 2.5.0.6 | 国风因特软件(北京)有限公司 |  | CnsMinIO | CnsMinIO.dll
    C:/WINDOWS/downlo~1/cnsio.dll | 2007-8-8 13:35:32 | 中文上网 | 2, 5, 0, 1001 | CnsIO | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsIO | CnsIO.dll
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/downlo~1/CnsMinEx.dll | 2007-6-11 16:13:16 | 中文上网 | 2.5.0.1001 | CnsMinEx | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsMinEx | CnsMinEx.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe * 2408 | 2007-11-1 17:10:22 |   YLive | 3, 2, 5, 1031 | YLive | Copyright 2005 Yahoo! China | 3, 2, 5, 1031 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe | 2007-11-1 17:10:22 |   YLive | 3, 2, 5, 1031 | YLive | Copyright 2005 Yahoo! China | 3, 2, 5, 1031 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll | 2007-11-8 16:41:28 | AutoLive Module | 3, 7, 9, 1139 | AutoLive Module | Copyright 2005 yahoo! china | 3, 7, 9, 1139 | yahoo! china |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-11-15 17:48:36 |   LiveEx | 3, 0, 2, 1011 | LiveEx | Copyright 2005 Yahoo! China | 3, 0, 2, 1011 | Yahoo! China |  | LiveEx | LiveEx.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/ynotifier.dll | 2006-11-15 17:48:42 | Notifier Module | 3, 0, 2, 1002 | Notifier Module | Copyright 2004 yahoo! china | 3, 0, 2, 1002 | yahoo! china |  | Notifier | Notifier.DLL
C:/PROGRA~1/Yahoo!/Assistant/yassistse.exe * 2416 | 2006-11-15 17:46:58 | Yahoo! AssistSetting | 3, 0, 4, 1005 | AssistSetting | Copyright (2005) Yahoo! China | 3, 0, 4, 1005 | Yahoo! China |  | AssistSetting | AssistSe.exe
    C:/PROGRA~1/Yahoo!/Assistant/yassistse.exe | 2006-11-15 17:46:58 | Yahoo! AssistSetting | 3, 0, 4, 1005 | AssistSetting | Copyright (2005) Yahoo! China | 3, 0, 4, 1005 | Yahoo! China |  | AssistSetting | AssistSe.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yAssecblk.dll | 2007-11-1 17:14:48 | yassecblk module | 3, 2, 1, 1029 | yassecblk | Copyright (2005) Yahoo! China | 3, 2, 1, 1029 | Yahoo! China | yahoo! | yassecblk | yassecblk.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yMenuInfo.dll | 2006-11-15 17:47:4 | Yahoo MenuInfo | 3, 0, 1, 1001 | MenuInfo | Copyright (2005) Yahoo! China | 3, 0, 1, 1001 | Yahoo! China |  | MenuInfo | MenuInfo.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yIEAngel.dll | 2006-11-15 17:47:2 | Yahoo IEAngel | 3, 0, 2, 1002 | IEAngel | Copyright (2005) Yahoo! China | 3, 0, 2, 1002 | Yahoo! China |  | IEAngel | IEAngel.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yAsMenu.dll | 2006-11-15 17:46:54 | yAsMenu module | 3, 0, 1, 1002 | yAsMenu | Copyright (2005) Yahoo! China | 3, 0, 1, 1002 | Yahoo! China | Yahoo! | yAsMenu | yAsMenu.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/RUNDLL32.EXE * 2444 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/system32/NvMcTray.dll | 2006-3-31 20:54:0 | NVIDIA Media Center Library | 6.14.10.8440 | NVIDIA Media Center Library | (C) NVIDIA Corporation. All rights reserved. | 6.14.10.8440 | NVIDIA Corporation| ? | NvMCTray | NVMCTRAY.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/NVRSZHC.DLL | 2006-3-31 20:54:0 | NVIDIA Compatible Windows 2000 Display driver, Version 84.40  | 6.14.10.8440 | NVIDIA Simplified Chinese language resource library | (C) NVIDIA Corporation. All rights reserved. | 6.14.10.8440 | NVIDIA Corporation| ? | NvRsZhc | NvRsZhc.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/rundll32.exe * 2560 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-10-19 15:14:56 | 中文上网 | 2.5.0.1001 | autolvup | 版权所有 (C) 2007 | 2.5.7.1012 | 国风因特软件(北京)有限公司 |  | autolvup | AutoLive.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/ctfmon.exe * 2660 | 2004-8-4 0:52:30 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
O2 - BHO QQCycloneHelper Class - {00000000-12C9-4305-82F9-43058F20E8D2} - C:/Program Files/Tencent/QQDownload/QQIEHelper01.dll
O2 - BHO Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:/PROGRA~1/baidu/bar/baidubar.dll
O2 - BHO  - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:/Program Files/Common Files/fjOs0r.dll
O2 - BHO CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/downlo~1/CnsHook.dll
O2 - BHO assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll
O3 - IE工具栏:  - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:/PROGRA~1/baidu/bar/baidubar.dll
O3 - IE工具栏: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/downlo~1/CnsMin.dll,Rundll32
O4 - HKLM/../Run: [helper.dll] C:/WINDOWS/system32/rundll32.exe C:/PROGRA~1/3721/helper.dll,Rundll32
D:/autorun.inf
/-----
[AutoRun]
open=xxyxyjk.exe
shell/open=打开(&O)
shell/open/Command=xxyxyjk.exe
shell/open/Default=1
shell/explore=资源管理器(&X)
shell/explore/Command=xxyxyjk.exe
-----/
E:/autorun.inf
/-----
[AutoRun]
open=xxyxyjk.exe
shell/open=打开(&O)
shell/open/Command=xxyxyjk.exe
shell/open/Default=1
shell/explore=资源管理器(&X)
shell/explore/Command=xxyxyjk.exe
-----/
F:/autorun.inf
/-----
[autorun]
open=Windows.scr
shellexecute=Windows.scr
shell/Auto/command=Windows.scr
shell=Auto
-----/
O8 - IE右键菜单附加项 : 添加到雅虎订阅(&Y) - res://C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yrss.dll/YRSSMENUEXT
O8 - IE右键菜单附加项 : 雅虎搜索 - res://C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll/203
O9 - IE工具栏扩展按钮HKLM:Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具菜单扩展项HKLM: - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具栏扩展按钮HKLM:名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - hxxp://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=hxxp://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具菜单扩展项HKLM: - {59BC54A2-56B3-44a0-93E5-432D58746E26} - hxxp://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=hxxp://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具栏扩展按钮HKLM:雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具菜单扩展项HKLM: - {5D73EE86-05F1-49ed-B850-E423120EC338} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具栏扩展按钮HKLM:雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - hxxp://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具菜单扩展项HKLM: - {6354ABE6-05F1-49ed-B850-E423120EC338} - hxxp://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具栏扩展按钮HKLM:情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具菜单扩展项HKLM: - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具栏扩展按钮HKLM: - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具菜单扩展项HKLM:修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具栏扩展按钮HKLM:Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - IE工具菜单扩展项HKLM:Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - IE工具栏扩展按钮HKLM: - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O9 - IE工具菜单扩展项HKLM:清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O11 - IE扩展选项组:!CNS ( 中文上网) = @C:/WINDOWS/downlo~1/CnsMin.dll,-117
O23 - 服务: BdGuard (BdGuard) - system32/drivers/BDGuard.SYS | BDGUARD Dynamic Link Library | 1, 0, 12, 0 | BDGUARD Dynamic Link Library | Copyright (C) 2005 | 1, 0, 12, 0| ?| ? | BDGUARD | Bdguard.dll(引导)
O23 - 服务: BIOS (BIOS) - C:/WINDOWS/system32/drivers/BIOS.sys | 2005-3-16 14:23:54 | BIOSTAR I/O driver fle | 1, 0, 0, 0 | I/O Interface driver file | Copyright (c) 2002-2003 BIOSTAR Group | 1, 0, 0, 0 | BIOSTAR Group |  | I/O driver | BIOS.sys(系统)
O23 - 服务: CnsMinKP (CnsMinKP) - system32/drivers/CnsMinKP.sys | 中文上网 | 2.5.0.1001 | CnsMinKPXP | 版权所有 (C) 2007 | 2.0.6.1002 | 国风因特软件(北京)有限公司| ? | CnsMinKPXP | CnsMinKpXP.sys(引导)
O23 - 服务: lbofrbl (lbofrbl) - C:/WINDOWS/System32/drivers/lbofrbl.sys | 2007-11-21 9:43:0 |  sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导)
O23 - 服务: NPF (Netgroup Packet Filter) - system32/drivers/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | NPF + TME  | npf.sys(手动)
O23 - 服务: ocgnjjqw (ocgnjjqw) - System32/DRIVERS/ocgnjjqw.sys| ? | 1.6.9.1084| ?| ? | 1.8.0.1096 | Yahoo! China Corporation| ?| ?| ?(引导)
O23 - 服务: R2A (R2A) - C:/WINDOWS/system32a2.sys(禁用)
O23 - 服务: yaskp (yaskp) - system32/drivers/yaskp.sys | KMD | 3, 0, 7, 1009 | KMD | Copyright (c) yahoo Corporation. | 3, 0, 7, 1009 | Copyright (C) yahoo Corporation.| ? | yaskp.sys | yaskp.sys(引导)
O24 - ShlExecHook: [A] - {4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A} = A
O24 - ShlExecHook: [CnsHook Class] - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:/WINDOWS/downlo~1/CnsHook.dll
O24 - ShlExecHook: [PatchCom] - {E568441B-9EF3-49F8-9A67-4141AC41ADD4} = C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dll
O24 - ShlExecHook: [] - {CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} = C:/Program Files/Internet Explorer/OnlO0r.dll
O24 - ShlExecHook: [F] - {3422FB0F-95EB-458A-8B56-39552017A4EF} = C:/WINDOWS/system32/mhdoor0.dll
O24 - ShlExecHook: [6] - {5731EA1D-6AAF-4DE9-BDDA-7B390A75B286} = C:/WINDOWS/system32/wodoor1.dll
O24 - ShlExecHook: [7] - {11DB88F9-409B-475E-8FD7-411653F6D367} = C:/WINDOWS/system32/55551.dll
O24 - ShlExecHook: [C] - {32C4BAF4-0411-4000-BDFB-A6F71E669F8C} = C:/WINDOWS/system32/csdoor1.dll
O24 - ShlExecHook: [3] - {E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3} = C:/WINDOWS/system32/wldoor0.dll
O24 - ShlExecHook: [7] - {A3C95A74-638D-4C6B-A856-4B27664A7F47} = C:/WINDOWS/system32/wgdoor0.dll
O24 - ShlExecHook: [B] - {D8CC4845-441C-44F8-9053-28F2EF67655B} = C:/WINDOWS/system32/dadoor0.dll
O24 - ShlExecHook: [C] - {A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C} = C:/WINDOWS/system32/dh3oor0.dll
O24 - ShlExecHook: [8] - {6826A3DB-EA8E-4E67-880D-53D04C7C0BD8} = C:/WINDOWS/system32/qjdoor0.dll
O24 - ShlExecHook: [0] - {EDFF29C1-5A70-4460-AC1D-16DCB4B672F0} = C:/WINDOWS/system32/rxdoor0.dll
O24 - ShlExecHook: [2] - {68F7767A-090C-4BBF-A015-720ACC6706E2} = C:/WINDOWS/system32/wddoor0.dll
O24 - ShlExecHook: [8] - {08E909A4-B236-48DD-8BCC-90A604B93E68} = C:/WINDOWS/system32/tldoor0.dll
O24 - ShlExecHook: [7] - {781FBCC1-99C7-4AE0-95F7-66EA49E86DD7} = C:/WINDOWS/system32/zxdoor0.dll
O24 - ShlExecHook: [8] - {4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748} = C:/WINDOWS/system32/mydoor1.dll
O24 - ShlExecHook: [D] - {ABD0935D-B35A-47BD-BA9A-81678DDE74DD} = C:/WINDOWS/system32/qhdoor1.dll
O24 - ShlExecHook: [3] - {04A0CB31-FDEB-4EB8-889B-E00ED87BCE23} = C:/WINDOWS/system32/cqdoor1.dll
O24 - ShlExecHook: [B] - {BD9B003B-0BE6-4528-A9D9-B8DBACAC6B9B} = C:/WINDOWS/system32/fydoor1.dll
O24 - ShlExecHook: [F] - {D64AC2E4-95B1-40DD-90D9-0C60F7CA64BF} = C:/WINDOWS/system32/qqdoor0.dll
===/
相关文章
|
3月前
|
安全 Windows
遭遇Backdoor.Gpigeon.2007.ca,Trojan-PSW.Win32.QQRob.lg,Backdoor.Win32.Agent.bcn等1
遭遇Backdoor.Gpigeon.2007.ca,Trojan-PSW.Win32.QQRob.lg,Backdoor.Win32.Agent.bcn等1
|
3月前
|
监控 安全 数据安全/隐私保护
遭遇Trojan-PSW.Win32.WOW,Trojan.PSW.Win32.OnlineGames,Trojan.MnLess.kks等1
遭遇Trojan-PSW.Win32.WOW,Trojan.PSW.Win32.OnlineGames,Trojan.MnLess.kks等1
|
3月前
|
安全
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等1
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等1
|
3月前
|
安全 Windows
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等2
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等2
|
3月前
|
安全 Shell
遭遇Trojan-Spy.Win32.Delf.uv,Trojan.PSW.Win32.XYOnline,Trojan.PSW.Win32.ZhengTu等1
遭遇Trojan-Spy.Win32.Delf.uv,Trojan.PSW.Win32.XYOnline,Trojan.PSW.Win32.ZhengTu等1
|
3月前
|
JavaScript 前端开发 数据安全/隐私保护
下载Trojan-PSW.Win32.QQPass.ra等恶意程序的政府网站
下载Trojan-PSW.Win32.QQPass.ra等恶意程序的政府网站
|
3月前
|
安全
某可人官方网站挂马Trojan-PSW.Win32.OnLineGames.sbg
某可人官方网站挂马Trojan-PSW.Win32.OnLineGames.sbg
|
3月前
|
安全 网络协议
刘三姐故乡的某网站被植入下载Worm.Win32.Delf.bse, Worm.Win32.Viking.ls等的代码
刘三姐故乡的某网站被植入下载Worm.Win32.Delf.bse, Worm.Win32.Viking.ls等的代码
|
3月前
|
Windows
遭遇 Trojan.DL.Agent.cjy、ltnward.exe、34E0AE22.dll 等
遭遇 Trojan.DL.Agent.cjy、ltnward.exe、34E0AE22.dll 等
|
3月前
|
安全 JavaScript 前端开发
某农业产品贸易网挂马Trojan.DL.Win32.Mnless.bes/Trojan-Dropper.Win32.Agent.xdu
某农业产品贸易网挂马Trojan.DL.Win32.Mnless.bes/Trojan-Dropper.Win32.Agent.xdu