遭遇Backdoor.Gpigeon.2007.ca,Trojan-PSW.Win32.QQRob.lg,Backdoor.Win32.Agent.bcn等1

简介: 遭遇Backdoor.Gpigeon.2007.ca,Trojan-PSW.Win32.QQRob.lg,Backdoor.Win32.Agent.bcn等1

这两天晚上都在忙着帮一位网友清除电脑中的病毒~

先用网友电脑中原有的 HijackThis 扫描 log,发现如下可疑项:

/---
Logfile of HijackThis v1.99.1
Scan saved at 23:35:36, on 2005-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/system32/kernl32.exe

C:/WINDOWS/system32/Rem.exe

C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE

C:/WINDOWS/svchost.exe

C:/WINDOWS/system32/216.exe

C:/WINDOWS/system32/xiaobo.exe

C:/WINDOWS/system32/dgd4bs.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
R3 - URLSearchHook: (no name) - {432053B9-B579-469D-985B-ADA27240CAE6} - (no file)
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/DOWNLO~1/CnsHook.dll
O2 - BHO: TBSB04805 - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:/Program Files/搜索栏(S)/sobar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O3 - Toolbar: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll

O4 - HKLM/../Run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe

O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/DOWNLO~1/CnsMin.dll,Rundll32

O4 - HKLM/../Run: [wallpaper] c:/windows/system32/壁纸自动换.exe

O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe

O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎收藏+ - ​​ ​http://myweb.cn.yahoo.com/post.html?F=D2_A​​

O9 - Extra button: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - Extra 'Tools' menuitem: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail​​​ (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - ​​ ​http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816​​​ (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist​​​ (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - ​​ ​http://cn.widget.yahoo.com/index.htm?source=Cns​​​ (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg​​​ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair​​​ (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair​​​ (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean​​​ (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean​​​ (file missing)
O11 - Options group: [!CNS]  中文上网

O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:/PROGRA~1/WinKld/WinKld.dll

O23 - Service: Keep Spooler - Unknown owner - C:/Program.exe (file missing)

O23 - Service: kernl32 - Unknown owner - C:/WINDOWS/system32/kernl32.exe

O23 - Service: Net Login Helper (netlog) - Unknown owner - C:/WINDOWS/system32/SCardSer.exe

O23 - Service: svchost - Unknown owner - C:/WINDOWS/svchost.exe

O23 - Service: Windows Firewall - Unknown owner - C:/WINDOWS/G_Server1.23.exe

O23 - Service: Windows Accounts Driver (windows_0) - Unknown owner - C:/WINDOWS/system32/216.exe

O23 - Service: wljs0001.3322.org - Unknown owner - C:/WINDOWS/system32/wljs0001.3322.org.exe
---/

/---

Logfile of HijackThis v1.99.1

Scan saved at 23:35:36, on 2005-12-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:/WINDOWS/system32/kernl32.exe

C:/WINDOWS/system32/Rem.exe

C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE

C:/WINDOWS/svchost.exe

C:/WINDOWS/system32/216.exe

C:/WINDOWS/system32/xiaobo.exe

C:/WINDOWS/system32/dgd4bs.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll

R3 - URLSearchHook: (no name) - {432053B9-B579-469D-985B-ADA27240CAE6} - (no file)

F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe

O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll

O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll

O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll

O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/DOWNLO~1/CnsHook.dll

O2 - BHO: TBSB04805 - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:/Program Files/搜索栏(S)/sobar.dll

O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll

O3 - Toolbar: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll

O4 - HKLM/../Run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe

O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/DOWNLO~1/CnsMin.dll,Rundll32

O4 - HKLM/../Run: [wallpaper] c:/windows/system32/壁纸自动换.exe

O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe

O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000

O8 - Extra context menu item: 添加到雅虎收藏+ -  http://myweb.cn.yahoo.com/post.html?F=D2_A

O9 - Extra button: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll

O9 - Extra 'Tools' menuitem: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll

O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)

O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} -  http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)

O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)

O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} -  http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)

O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL

O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)

O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)

O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)

O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)

O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} -  http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)

O11 - Options group: [!CNS]  中文上网

O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:/PROGRA~1/WinKld/WinKld.dll

O23 - Service: Keep Spooler - Unknown owner - C:/Program.exe (file missing)

O23 - Service: kernl32 - Unknown owner - C:/WINDOWS/system32/kernl32.exe

O23 - Service: Net Login Helper (netlog) - Unknown owner - C:/WINDOWS/system32/SCardSer.exe

O23 - Service: svchost - Unknown owner - C:/WINDOWS/svchost.exe

O23 - Service: Windows Firewall - Unknown owner - C:/WINDOWS/G_Server1.23.exe

O23 - Service: Windows Accounts Driver (windows_0) - Unknown owner - C:/WINDOWS/system32/216.exe

O23 - Service: wljs0001.3322.org - Unknown owner - C:/WINDOWS/system32/wljs0001.3322.org.exe

---/

/---
pe_xscan 07-06-04 by Purple Endurer
2005-12-30 23:43:2
Windows XP Service Pack 2(5.1.2600)
管理员用户组

[System Process] * 0
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll

C:/WINDOWS/system32/csrss.exe * 544 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Client Server Runtime Process | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?

C:/WINDOWS/system32/winlogon.exe * 568 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
    C:/WINDOWS/system32/winlib .dll
    C:/WINDOWS/system32/45119F1B.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/WINDOWS/system32/kusn433sd3.dll | 2005-12-30 23:16:10 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?

C:/WINDOWS/system32/services.exe * 612 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?

C:/WINDOWS/system32/lsass.exe * 624 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?

C:/WINDOWS/system32/svchost.exe * 772 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/WINDOWS/system32/comwspn.dll | 2001-9-17 17:48:48

C:/WINDOWS/System32/svchost.exe * 920 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    C:/WINDOWS/System32/wshirda.dll | 2004-8-16 16:39:10 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Windows Sockets Helper DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | wshirda.dll | wshirda.dll
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    c:/windows/system32/hmvqn.dll | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | szdj | Copyright (C) Microsoft Corporation 1990-2000 | 5.1.2600.0 | Microsoft Corporation| ? | szdj | szdj.dll

C:/WINDOWS/Explorer.EXE * 1272 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    C:/PROGRA~1/WinKld/Winkld.dat | 2006-4-30 15:18:52 | WinKalendar | 2, 0, 0, 1 | WinKld | Copyright ? 2006 | 2, 0, 0, 1 | ​​ ​www.88dog.com​​​ |  | WinKld | WinKld.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/dmspn.dll | 2001-9-17 17:48:48
    C:/WINDOWS/system32/kusn433sd3.dll | 2005-12-30 23:16:10 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/WINDOWS/system32/45119F1B.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 |  |  | alrex | ALREX.DLL
    C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 |  | CnsHook | CnsHook.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 |  | CnsMinAL | AutoLive.dll
    C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 |   LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 |   |  | LiveEx | alliveex.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 |  |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 |   LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 |   |  | LiveEx | LiveEx.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ywiper.dll | 2005-11-28 15:52:8 |  Wiper 动态链接库 | 1, 0, 1, 1014 | Wiper 动态链接库 | 版权所有 (C) 2005 | 1, 0, 1, 1014| ?| ? | Wiper | ywiper.dll

C:/WINDOWS/system32/Rundll32.exe * 1556 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
     C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/DOWNLO~1/CnsMinIO.dll | 2007-4-28 16:33:54 | 3721 CnsMinIO | 2, 5, 0, 4 | CnsMinIO | 版权所有 (C) 2001 - 2004 | 2, 5, 0, 4 | 北京三七二一科技有限公司 |  | CnsMinIO | CnsMinIO.dll
    C:/WINDOWS/DOWNLO~1/cnsio.dll | 2007-4-28 16:33:42 | 3721 CnsIO | 2, 5, 0, 3 | cnsio | 版权所有 (C) 2001 - 2004 | 2, 5, 0, 3 | 北京三七二一科技有限公司 |  | cnsio | cnsio.dll
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll

C:/WINDOWS/system32/spoolsv.exe * 1784 | 2005-6-11 7:53:32 | Microsoft? Windows? Operating System | 5.1.2600.2696 | Spooler SubSystem App | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Microsoft Corporation| ? | spoolsv.exe | spoolsv.exe
    C:/WINDOWS/system32/F0D78D11.DLL | 2005-12-30 23:16:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?

C:/WINDOWS/system32/kernl32.exe * 1092 | 2004-8-17 12:0:0
 
C:/WINDOWS/system32/Rem.exe * 1956 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation |  | rpcs.exe | rpcs.exe

C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE * 1984 | 2004-8-17 12:0:0 | Microsoft(R) Windows (R) 2000 Operating System | 5.00.2134.1 | Run a DLL as an App | Copyright (C) Microsoft Corp. 1981-1999 | 5.00.2134.1 | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/SYSTEM32/WBEM/XGBIR.DLL | 2004-8-17 12:0:0 | irJIT | 5, 1, 2600, 2709 | Microsoft irJIT Module | (C) Microsoft Corporation. All rights reserved. | 5, 1, 2600, 2709 | Microsoft Corporation| ? | IRJIT | IRJIT.dll
 
C:/WINDOWS/svchost.exe * 2172 | 2004-8-17 12:0:0

C:/WINDOWS/system32/216.exe * 2328 | 2005-6-11 11:5:34

C:/WINDOWS/system32/xiaobo.exe * 2404 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation |  | rpcs.exe | rpcs.exe

C:/WINDOWS/system32/dgd4bs.exe * 2800 | 2005-12-30 23:17:2
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll

C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe * 2812 | 2007-4-24 9:43:36 |   YLive | 2, 0, 7, 1010 | YLive | Copyright  2005 Yahoo! China | 2, 0, 7, 1010 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe | 2007-4-24 9:43:36 |   YLive | 2, 0, 7, 1010 | YLive | Copyright  2005 Yahoo! China | 2, 0, 7, 1010 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 |  |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 |   LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 |   |  | LiveEx | LiveEx.dll
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/ynotifier.dll | 2005-9-13 16:31:38 | Notifier Module | 1, 0, 0, 5 | Notifier Module | Copyright 2004 | 1, 0, 0, 5 |  |  | Notifier | Notifier.DLL

C:/WINDOWS/msagent/AgentSvr.exe * 3160 | 2004-8-17 12:0:0 | Microsoft Agent Server | 2.00.0.3422 | Microsoft Agent Server | Copyright (C) Microsoft Corp. 1997-98 | 2.00.0.3422 | Microsoft Corporation |  | AgentServer | AgentSvr.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll

C:/WINDOWS/SOUNDMAN.EXE * 3292 | 2006-3-2 7:22:4 | Realtek Sound Manager | 5, 1, 0, 52 | Realtek Sound Manager | Copyright (c) 2001-2004 Realtek Semiconductor Corp. | 5, 1, 0, 52 | Realtek Semiconductor Corp. |  | ALSMTray | ALSMTray.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll

C:/WINDOWS/system32/rundll32.exe * 3672 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 |  | CnsMinAL | AutoLive.dll
    C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 |   LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 |   |  | LiveEx | alliveex.dll

C:/WINDOWS/system32/ctfmon.exe * 3812 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
 
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 2656 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 |  | ScrBlock | ScrBlock.dll
    C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 |  |  | alrex | ALREX.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock |  | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 |  | CnsHint | CnsHint.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 |  | CnsMinAL | AutoLive.dll
    C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 |   LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 |   |  | LiveEx | alliveex.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 |  |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 |   LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 |   |  | LiveEx | LiveEx.dll
    C:/WINDOWS/DOWNLO~1/cnsplus.dll | 2006-12-20 18:7:6 | 3721 CnsPlus | 2, 5, 0, 2 | CnsPlus | Copyright ? 2004 | 2, 5, 0, 2 | 3721 |  | CnsPlus | CnsPlus.dll
    C:/Program Files/搜索栏(S)/sobar.dll | 2007-5-17 16:53:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Engine | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbcore3 | tbcore3.dll
    C:/Program Files/搜索栏(S)/tbhelper.dll | 2007-5-17 16:53:0 | IE Toolbar | 3, 5, 0, 1 | IE Toolbar Helper Module | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbhelper | tbhelper.dll
    C:/Program Files/搜索栏(S)/alert_plugin.dll | 2007-4-27 11:12:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Alert Plugin | Copyright ? 2007 | 3, 5, 0, 0 |  |  | alert_plugin | alert_plugin.dll
    C:/Program Files/搜索栏(S)/tabs_plugin.dll | 2007-4-27 12:2:0 | IE Toolbar | 3, 5, 0, 0 | IE Toolbar Tabs Plugin | Copyright ? 2007 | 3, 5, 0, 0 |  |  | tabs_plugin | tabs_plugin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-3-21 13:51:24 | yPhtb | 1, 1, 3, 1035 | yPhtb | Copyright 2005 Yahoo! China | 1, 1, 3, 1035 | Yahoo! China |  |  | yPhtb.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll | 2007-4-24 9:42:56 | yangling Module | 1, 0, 9, 1010 | yangling.dll |  | 1, 0, 9, 1010 | Yahoo. | Yahoo! | yangling.dll | yAngling.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-3-9 16:59:54 | DragSearch | 1, 2, 8, 1009 | DragSearch | Copyright 2005 | 1, 2, 8, 1009 |  |  |  | ydragsearch.dll
    C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 |  | CnsHook | CnsHook.dll

C:/program files/internet explorer/iexplore.exe * 2744 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    C:/WINDOWS/system32/winsys32_070616.dll | 2005-12-30 23:18:10
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 |  | ScrBlock | ScrBlock.dll
    C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 |  |  | alrex | ALREX.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock |  | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 |  | CnsHint | CnsHint.dll

C:/Program Files/QQ2006/QQ.exe * 2080 | 2006-5-9 17:23:22 | TENCENT QQ | 0, 0, 0, 0 | QQ | Copyright ? 2005 | 0, 0, 0, 0 | TENCENT |  | COMQQD | QQ.exe
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 |  | CnsHook | CnsHook.dll

C:/Program Files/QQ2006/TIMPlatform.exe * 3044 | 2006-4-25 16:13:36 | tencent TIMPlatform | 0, 3, 1, 8 | TIMPlatform | Copyright ? 2005 | 0, 3, 1, 8 | tencent |  | TIMPlatform | TIMPlatform.exe
    C:/Program Files/QQ2006/TIMPlatform.exe | 2006-4-25 16:13:36 | tencent TIMPlatform | 0, 3, 1, 8 | TIMPlatform | Copyright ? 2005 | 0, 3, 1, 8 | tencent |  | TIMPlatform | TIMPlatform.exe
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/Program Files/QQ2006/TIMProxy.dll | 2006-4-25 17:9:56 | tencent QQMainCreatorProxy | 0, 3, 2, 4 | TIMProxy | Copyright ? 2004 | 0, 3, 2, 4 | tencent |  | TIMProxy | QQMainCreatorProxy.dll

C:/Program Files/Internet Explorer/IEXPLORE.EXE * 1504 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-6-4 14:7:38 | 中文上网 | 2.5.0.1001 | Autolive_helper | 版权所有 (C) 2007 | 2.5.1.1004 | 北京三七二一科技有限公司 |  | Autolive_helper | Helper.dll
    C:/PROGRA~1/3721/scrblock.dll | 2005-4-5 16:4:4 | 3721 ScrBlock | 1, 0, 1, 1000 | ScrBlock | Copyright ? 2004 | 1, 0, 1, 1000 | 3721 |  | ScrBlock | ScrBlock.dll
    C:/PROGRA~1/3721/alrex.dll | 2006-12-21 17:53:48 | alrex Module | 2.5.0.1002 | alrex Module | Copyright 2006 | 2.5.0.1002 |  |  | alrex | ALREX.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2006-9-22 10:49:8 | Helper Module | 2, 0, 9, 1027 | Helper Module | Copyright 2004 | 2, 0, 9, 1027 |  |  | Helper | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll | 2006-5-18 16:53:24 | yScrBlock module | 1, 0, 2, 1002 | yScrBlock |  | 1, 0, 2, 1002 | Yahoo | Yahoo! | yScrBlock | yScrBlock.dll
    C:/WINDOWS/DOWNLO~1/CnsMin.dll | 2007-6-8 17:41:58 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.0.9 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/DOWNLO~1/CnsHint.dll | 2006-12-20 18:7:10 | 3721 CnsHint | 2, 5, 0, 2 | CnsHint | Copyright ? 2004 | 2, 5, 0, 2 | 3721 |  | CnsHint | CnsHint.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-6-4 14:8:16 | 中文上网 | 2.5.0.1001 | CnsMinAL | 版权所有 (C) 2007 | 2.5.4.1009 | 北京三七二一科技有限公司 |  | CnsMinAL | AutoLive.dll
    C:/PROGRA~1/3721/alLiveEx.dll | 2006-3-21 14:20:6 |   LiveEx | 1, 0, 3, 1006 | LiveEx | Copyright ? 2006 | 1, 0, 3, 1006 |   |  | LiveEx | alliveex.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/YAlive.dll | 2006-12-25 9:10:6 | YAlive Module | 2, 2, 0, 1050 | YAlive Module | Copyright 2005 | 2, 2, 0, 1050 |  |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-3-21 13:49:44 |   LiveEx | 2, 0, 1, 1007 | LiveEx | Copyright ? 2005 | 2, 0, 1, 1007 |   |  | LiveEx | LiveEx.dll
    C:/WINDOWS/DOWNLO~1/cnsplus.dll | 2006-12-20 18:7:6 | 3721 CnsPlus | 2, 5, 0, 2 | CnsPlus | Copyright ? 2004 | 2, 5, 0, 2 | 3721 |  | CnsPlus | CnsPlus.dll
    C:/Program Files/搜索栏(S)/sobar.dll | 2007-5-17 16:53:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Engine | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbcore3 | tbcore3.dll
    C:/Program Files/搜索栏(S)/tbhelper.dll | 2007-5-17 16:53:0 | IE Toolbar | 3, 5, 0, 1 | IE Toolbar Helper Module | Copyright ? 2001-2007. All rights reserved. | 3, 5, 0, 1| ?| ? | tbhelper | tbhelper.dll
    C:/Program Files/搜索栏(S)/alert_plugin.dll | 2007-4-27 11:12:0 | IE Toolbar | 3,5,0,0 | IE Toolbar Alert Plugin | Copyright ? 2007 | 3, 5, 0, 0 |  |  | alert_plugin | alert_plugin.dll
    C:/Program Files/搜索栏(S)/tabs_plugin.dll | 2007-4-27 12:2:0 | IE Toolbar | 3, 5, 0, 0 | IE Toolbar Tabs Plugin | Copyright ? 2007 | 3, 5, 0, 0 |  |  | tabs_plugin | tabs_plugin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-3-21 13:51:24 | yPhtb | 1, 1, 3, 1035 | yPhtb | Copyright 2005 Yahoo! China | 1, 1, 3, 1035 | Yahoo! China |  |  | yPhtb.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll | 2007-4-24 9:42:56 | yangling Module | 1, 0, 9, 1010 | yangling.dll |  | 1, 0, 9, 1010 | Yahoo. | Yahoo! | yangling.dll | yAngling.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-3-9 16:59:54 | DragSearch | 1, 2, 8, 1009 | DragSearch | Copyright 2005 | 1, 2, 8, 1009 |  |  |  | ydragsearch.dll
    C:/WINDOWS/DOWNLO~1/CnsHook.dll | 2007-5-11 16:31:38 | 中文上网 | 1.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.5 | 北京三七二一科技有限公司 |  | CnsHook | CnsHook.dll

F2 - REG: system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,c:/WINDOWS/11191061761.exe

O2 - BHO Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O2 - BHO DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/DOWNLO~1/CnsHook.dll
O2 - BHO TBSB04805 Class - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:/Program Files/搜索栏(S)/sobar.dll

O3 - IE工具栏: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O3 - IE工具栏:  - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll

O4 - HKCR/../Run: [Yahoo! Pager] "C:/PROGRA~1/Yahoo!/MESSEN~1/YAHOOM~1.EXE" -quiet
O4 - HKLM/../Run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe
O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/DOWNLO~1/CnsMin.dll,Rundll32
O4 - HKLM/../Run: [wallpaper] c:/windows/system32/壁纸自动换.exe
O4 - HKLM/../Run: [TinTSentp] C:/WINDOWS/system32/autoc0nv.exe
O4 - HKLM/../Run: [helper.dll] C:/WINDOWS/system32/rundll32.exe C:/PROGRA~1/3721/helper.dll,Rundll32

O4 - HKLM/../Policies/Explorer/Run: [Userinit] rundll32.exe C:/WINDOWS/system32/winsys16_070616.dll start

C:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
D:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
E:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/
F:/autorun.inf
/-----
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell//Auto//command=IO.pif
-----/

O8 - IE右键菜单附加项 : 添加到雅虎收藏+ - ​ ​http://myweb.cn.yahoo.com/post.html?F=D2_A​​

O9 - IE工具栏扩展按钮HKLM:工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - IE工具菜单扩展项HKLM:工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:/Program Files/搜索栏(S)/sobar.dll
O9 - IE工具栏扩展按钮HKLM:Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - ​​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail​​​O9 - IE工具菜单扩展项HKLM: - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail​​O9 - IE工具栏扩展按钮HKLM:名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - ​ ​http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816​​O9 - IE工具菜单扩展项HKLM: - {59BC54A2-56B3-44a0-93E5-432D58746E26} - ​ ​http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816​​O9 - IE工具栏扩展按钮HKLM:雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist​​O9 - IE工具菜单扩展项HKLM: - {5D73EE86-05F1-49ed-B850-E423120EC338} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist​​O9 - IE工具栏扩展按钮HKLM:雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - ​ ​http://cn.widget.yahoo.com/index.htm?source=Cns​​O9 - IE工具菜单扩展项HKLM: - {6354ABE6-05F1-49ed-B850-E423120EC338} - ​ ​http://cn.widget.yahoo.com/index.htm?source=Cns​​O9 - IE工具栏扩展按钮HKLM:情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg​​O9 - IE工具菜单扩展项HKLM: - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg​​O9 - IE工具栏扩展按钮HKLM: - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair​​O9 - IE工具菜单扩展项HKLM:修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair​​O9 - IE工具栏扩展按钮HKLM: - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean​​O9 - IE工具菜单扩展项HKLM:清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - ​ ​http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean​​

O11 - IE扩展选项组:!CNS ( 中文上网) = @C:/WINDOWS/DOWNLO~1/CnsMin.dll,-117

O21 - SSODL - SysTime(88Dog.Kalendar) - {724C75F1-B757-408D-A50A-4CF99DA35D73} = C:/PROGRA~1/WinKld/WinKld.dll

O23 - 服务: 3A452D83 (3A452D83) - C:/WINDOWS/system32/24E9F3BC.EXE -k | 2005-6-18 22:49:6 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: acpidisk (acpidisk) - C:/WINDOWS/system32/drivers/acpidisk.sys | 2007-5-8 11:14:50(自动)

O23 - 服务: AEA6EAEC (AEA6EAEC) - C:/WINDOWS/system32/2DD519ED.EXE -p | 2007-6-16 6:27:26 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: B302EC43 (B302EC43) - C:/WINDOWS/system32/75D23BE4.EXE -d | 2005-12-30 23:12:42 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: CnsMinKP (CnsMinKP) - system32/drivers/CnsMinKP.sys | KMD | 2.0.3.9 | KMD | Copyright (c) 3721 Corporation. | 2.0.3.9 | Copyright (C) 3721 Corporation.| ? | CnsMinKP.sys | CnsMinKP.sys(引导)

O23 - 服务: CnsStd (CnsStd) - C:/WINDOWS/System32/drivers/CnsStd.sys | 2005-6-10 16:48:18 | 中文上网 | 1, 0, 0, 1002| ?| ? | 1, 0, 0, 1002 | 北京三七二一科技有限公司| ?| ?| ?(自动)

O23 - 服务: FB000E3A (FB000E3A) - C:/WINDOWS/system32/F77B20D5.EXE -k | 2005-12-30 22:51:2 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: Investor (HTTP Secure Manager) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/system32/hmvqn.dll | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | szdj | Copyright (C) Microsoft Corporation 1990-2000 | 5.1.2600.0 | Microsoft Corporation| ? | szdj | szdj.dll(自动)

O23 - 服务: kdkfpdnd (kdkfpdnd) - C:/WINDOWS/System32/drivers/kdkfpdnd.sys | 2005-12-30 22:50:14 |  sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导)

O23 - 服务: Keep Spooler (Keep Spooler) - C:/Program Files/Common Files/kim(自动)

O23 - 服务: kernl32 (kernl32) - C:/WINDOWS/system32/kernl32.exe | 2004-8-17 12:0:0(自动)

O23 - 服务: kusn33sd (kusn33sd) - C:/WINDOWS/system32/kusn33sd.exe -j | 2005-12-30 22:50:30 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: netlog (Net Login Helper) - C:/WINDOWS/system32/SCardSer.exe  | 2001-9-17 17:48:48(自动)

O23 - 服务: R2A (R2A) - C:/WINDOWS/system32a2.sys(禁用)

O23 - 服务: Rem (re Call System(RPCS)) - C:/WINDOWS/system32/Rem.exe | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation |  | rpcs.exe | rpcs.exe(自动)

O23 - 服务: SOCEESe (Intranet Messenger) - C:/WINDOWS/SYSTEM32/RUNDLLFOROUR.EXE C:/WINDOWS/SYSTEM32/WBEM/XGBIR.DLL,DllRegisterServer 1087(自动)

O23 - 服务: svchost (svchost) - C:/WINDOWS/svchost.exe | 2004-8-17 12:0:0(自动)

O23 - 服务: Windows Firewall (Windows Firewall) - C:/WINDOWS/G_Server1.23.exe | 2005-6-14 16:4:2(自动)

O23 - 服务: windows_0 (Windows Accounts Driver) - C:/WINDOWS/system32/216.exe | 2005-6-11 11:5:34(自动)

O23 - 服务: wljs0001.3322.org (wljs0001.3322.org) - C:/WINDOWS/system32/wljs0001.3322.org.exe | 2005-12-30 23:13:2(自动)

O23 - 服务: xiaobo (xiaobo) - C:/WINDOWS/system32/xiaobo.exe | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation |  | rpcs.exe | rpcs.exe(自动)

O24 - ShlExecHook: [CnsHook Class] - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:/WINDOWS/DOWNLO~1/CnsHook.dll

O25 - InsCom: {2bf41073-b2b1-21c1-b5c1-0701f4155588} = C:/Program Files/Common Files/Services/svchost.exe
---/
32.QQRob.lg,Backdoor.Win32.Agent.bcn等1
https://blog.51cto.com/endurer/5881550

用IceSword 查看,又发现两个隐藏的IE进程。

其中有几个病毒进程互相守护,用IceSword,禁止进程创建和禁用协件,再终止病毒进程,几次都造成蓝屏~

相关文章
|
2月前
|
安全 Shell
遭遇Trojan-Spy.Win32.Delf.uv,Trojan.PSW.Win32.XYOnline,Trojan.PSW.Win32.ZhengTu等1
遭遇Trojan-Spy.Win32.Delf.uv,Trojan.PSW.Win32.XYOnline,Trojan.PSW.Win32.ZhengTu等1
|
2月前
|
Windows
遭遇 Trojan.DL.Agent.cjy、ltnward.exe、34E0AE22.dll 等
遭遇 Trojan.DL.Agent.cjy、ltnward.exe、34E0AE22.dll 等
|
2月前
|
监控 安全 数据安全/隐私保护
遭遇Trojan-PSW.Win32.WOW,Trojan.PSW.Win32.OnlineGames,Trojan.MnLess.kks等1
遭遇Trojan-PSW.Win32.WOW,Trojan.PSW.Win32.OnlineGames,Trojan.MnLess.kks等1
数码相机存储卡居然带system.exe / Virus.Win32.Delf.an / Dropper.Gpigeon.fc
数码相机存储卡居然带system.exe / Virus.Win32.Delf.an / Dropper.Gpigeon.fc
|
2月前
|
安全
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等1
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等1
|
2月前
|
安全 Windows
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等2
遭遇RootKit.Win32.GameHack.GEN,Trojan.PSW.Win32.GameOL.GEN,RootKit.Win32.Mnless等2
|
2月前
|
安全 JavaScript 前端开发
某农业产品贸易网挂马Trojan.DL.Win32.Mnless.bes/Trojan-Dropper.Win32.Agent.xdu
某农业产品贸易网挂马Trojan.DL.Win32.Mnless.bes/Trojan-Dropper.Win32.Agent.xdu
|
2月前
|
网络安全
遭遇Win32.Loader.c,Trojan.PSW.Win32.GameOnline,Trojan.PSW.Win32.AskTao等1
遭遇Win32.Loader.c,Trojan.PSW.Win32.GameOnline,Trojan.PSW.Win32.AskTao等1
|
2月前
|
安全
遭遇Trojan.PSW.JHOnline,Trojan.Spy.Agent等之后
遭遇Trojan.PSW.JHOnline,Trojan.Spy.Agent等之后
|
2月前
|
安全
遭遇RootKit.Win32.GameHack,Trojan.PSW.Win32.QQPass,Trojan-PSW.Win32.OnLineGames等1
遭遇RootKit.Win32.GameHack,Trojan.PSW.Win32.QQPass,Trojan-PSW.Win32.OnLineGames等1