Experts, please analyze these hijack results
Source: 学生作业帮 | Editor: 大师作文网作业帮 | Category: General homework | Time: 2024/11/18 15:17:53
R3 - URLSearchHook:雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
F2 - REG:system.ini:UserInit=userinit.exe
O2 - BHO:Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO:yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO:Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO:雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO:CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO:YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO:ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO:PudMdljk Class - {E337A5F0-954F-36F7-FC83-F8394685768E} - C:\WINDOWS\DOWNLO~1\dkgdvul.dll
O2 - BHO:WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项:雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run:[Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - 启动项HKLM\\Run:[SetRoute] C:\Program Files\L2TPHelp\setroute.exe
O4 - 启动项HKLM\\Run:[TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run:[CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run:[YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run:[StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run:[yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run:[] C:\Program Files\Common Files\Services\svchost.exe
O4 - 启动项HKLM\\Run:[System] C:\Program Files\Common Files\system\Updaterun.exe
O4 - 启动项HKLM\\Run:[Mrxiaokan1] C:\Program Files\Internet Explorer\SPLOLE.exe
O4 - 启动项HKLM\\Run:[SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKCU\..\Run:[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO:PudMdljk Class - {E337A5F0-954F-36F7-FC83-F8394685768E} - C:\WINDOWS\DOWNLO~1\dkgdvul.dll
This may be a trojan's service process.
O4 - 启动项HKLM\\Run:[Mrxiaokan1] C:\Program Files\Internet Explorer\SPLOLE.exe
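This may be the startup entry for a trojan's main program. Exactly which trojan it is cannot be determined from here; scanning with antivirus software will make that clear.
I recommend first updating your antivirus software to the latest version and then scanning in Safe Mode. For anything that really cannot be cleaned, you can analyze the HijackThis or SRE logs and remove it manually. For the two entries analyzed above, first use HijackThis to remove their registry entries, then simply delete the files. If they really cannot be deleted, find a tool such as IceSword or Unlocker to delete them.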
O2 - BHO:WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O4 - 启动项HKLM\\Run:[CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
CNNIC has a very bad reputation and is widely called rogue software; I recommend removing it with 360安全卫士.
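The kind of manual log triage done in the answers above, as an added example that is not part of the original posts: a small parser for HijackThis O2 (BHO) and O4 (Run) lines that flags entries by location and naming. The heuristics, the names `triage` and `exe_path`, and the reading of `DOWNLO~1` as the ActiveX download folder are assumptions of this example; a hit is a reason to scan the file, not a verdict.

```python
import re

# Sample lines copied from the log on this page.
SAMPLE_LOG = r"""
O2 - BHO:ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO:PudMdljk Class - {E337A5F0-954F-36F7-FC83-F8394685768E} - C:\WINDOWS\DOWNLO~1\dkgdvul.dll
O4 - 启动项HKLM\\Run:[Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - 启动项HKLM\\Run:[] C:\Program Files\Common Files\Services\svchost.exe
O4 - 启动项HKLM\\Run:[Mrxiaokan1] C:\Program Files\Internet Explorer\SPLOLE.exe
O4 - HKCU\..\Run:[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

BHO_RE = re.compile(r"^O2 - BHO:(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - .*?Run:\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# Assumed heuristic inputs: names of Windows binaries and where they normally live.
SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "ctfmon.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

def exe_path(cmd):
    """Return the executable path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (line, reasons) for every entry that matches a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line, reasons = line.strip(), []
        bho, run = BHO_RE.match(line), RUN_RE.match(line)
        if bho and "\\windows\\downlo~1\\" in bho["path"].lower():
            reasons.append("BHO DLL loaded from the ActiveX download folder")
        if run:
            folder, _, name = exe_path(run["cmd"]).lower().rpartition("\\")
            if not run["name"]:
                reasons.append("Run value has an empty name")
            if name in SYSTEM_NAMES and folder + "\\" not in SYSTEM_DIRS:
                reasons.append("system binary name outside the Windows directory")
            if folder.endswith("\\internet explorer") and name != "iexplore.exe":
                reasons.append("unexpected executable in the Internet Explorer folder")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry, "->", "; ".join(why))
```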