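Rising Antivirus, Qihoo 360 Antivirus, 360 Safeguard and Baidu Guard together cannot get rid of pop-up ads and malicious ad icons
A netizen said his computer had recently developed a problem: after startup, malicious icons appear on the desktop and in the Quick Launch bar on the taskbar, and after being deleted they reappear at the next startup; while the computer is in use, ads pop up every minute. He installed Rising Antivirus, Qihoo 360 Antivirus, 360 Safeguard, Baidu Guard and 廣告神盾 (ADShendun) on the computer, and none of them solved the problem. The computer now takes several minutes to reach the desktop at startup. He asked for help.
The entries for these malicious ad icons in the pe_xscan scan log: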
hao123_網址導航_Internet.lnk -> http://www.hao123.com/?tn=90618383_hao_pg
Inteent Exploror.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
Intronnt HaoDao.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
今日黃歷.lnk -> C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe
折子購物.lnk -> C:\Program Files\zhezi\app\zhezi\zhezi.exe
極速搶票入口.lnk -> http://www.hao123.com/?tn=93947501_hao_pg
愛淘寶.lnk -> http://t.cn/Rv8Fg27
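The listing above can be triaged mechanically. This added example (not part of the original post or of pe_xscan) parses those `name.lnk -> target` lines, separates shortcuts that open a URL from those that launch a local program, and groups the URL shortcuts by host and query identifiers; treating `tn`, `src` and `ls` as tracking identifiers, and the function names used, are assumptions of the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Shortcut entries copied from the listing above, one "name.lnk -> target" per line.
SHORTCUT_LOG = r"""
hao123_網址導航_Internet.lnk -> http://www.hao123.com/?tn=90618383_hao_pg
Inteent Exploror.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
Intronnt HaoDao.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
今日黃歷.lnk -> C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe
折子購物.lnk -> C:\Program Files\zhezi\app\zhezi\zhezi.exe
極速搶票入口.lnk -> http://www.hao123.com/?tn=93947501_hao_pg
愛淘寶.lnk -> http://t.cn/Rv8Fg27
"""

ENTRY_RE = re.compile(r"^(?P<name>.+?\.lnk)\s*->\s*(?P<target>\S.*)$", re.IGNORECASE)
# Query keys treated as tracking identifiers (assumption of this example).
TRACKING_KEYS = {"tn", "src", "ls"}
# Per-user data directories that any unprivileged installer can write to.
PROFILE_DIR_RE = re.compile(r"\\(Application Data|AppData|Local Settings)\\", re.IGNORECASE)


def parse_shortcuts(text):
    """Return (name, target) pairs for every 'name.lnk -> target' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("target").strip()))
    return entries


def classify(name, target):
    """Describe one shortcut: a URL launcher or a local program."""
    if target.lower().startswith(("http://", "https://")):
        parts = urlsplit(target)
        tags = [f"{k}={v}" for k, v in parse_qsl(parts.query)
                if k.lower() in TRACKING_KEYS]
        return {"name": name, "kind": "url",
                "host": parts.hostname or "", "tags": "&".join(tags)}
    return {"name": name, "kind": "program", "path": target,
            "in_profile": bool(PROFILE_DIR_RE.search(target))}


def analyse(text):
    return [classify(name, target) for name, target in parse_shortcuts(text)]


def group_by_campaign(findings):
    """Group URL shortcuts that share the same host and tracking identifiers."""
    groups = defaultdict(list)
    for f in findings:
        if f["kind"] == "url":
            groups[(f["host"], f["tags"])].append(f["name"])
    return dict(groups)


if __name__ == "__main__":
    findings = analyse(SHORTCUT_LOG)
    for (host, tags), names in group_by_campaign(findings).items():
        print(f"URL shortcut(s) -> {host} [{tags or 'no identifier'}]: {', '.join(names)}")
    for f in findings:
        if f["kind"] == "program":
            where = "per-user data directory" if f["in_profile"] else "other location"
            print(f"Program shortcut {f['name']} -> {f['path']} ({where})")
```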
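Over QQ remote assistance, I scanned and cleaned in turn with Qihoo 360 Antivirus, 360 Safeguard, Rising Antivirus and Baidu Guard, and confirmed that the malicious ad icons on the desktop and in the Quick Launch bar on the taskbar had all been deleted.
Then I restarted the computer and looked: the icons were back.
I scanned with pe_xscan and analyzed the log: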
pe_xscan 11-03-17 by Purple Endurer
2014-7-10 9:27:11
Windows XP Service Pack 3(5.1.2600)
MSIE:8.0.6001.18702
管理員用戶組
正常模式
[System Process] * 0?|$X
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\baidu\BaiduAn\2.1.0.1214\BaiduAnSvc.exe * 1200?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDLogicUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSkin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDMAVEng.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMReport.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\bduf.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMNet.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\plugins\RTPPlugins\BDMSOAccServicePlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMProcessRunningTime.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\plugins\RTPPlugins\HIPS.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:11
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\DriverManager.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\ad.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:9
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDKitUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\TrustAndIso.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\WINDOWS\system32\svchost.exe * 1232?|$M$?|?2008-6-2 8:0:0
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Program Files\Rising\RSD\RsMgrSvc.exe * 1476?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Rising\RSD\comx3.dll?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Rising\RSD\Syslay.dll?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
C:\Program Files\Rising\RAV\ravmond.exe * 1492?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-15 14:57:11
C:\WINDOWS\system32\svchost.exe * 1528?|$M$?|?2008-6-2 8:0:0
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
C:\WINDOWS\system32\svchost.exe * 1664?|$M$?|?2008-6-2 8:0:0
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\WINDOWS\system32\svchost.exe * 1736?|$M$?|?2008-6-2 8:0:0
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Program Files\stickynotes\stickynotes.exe * 1776?|$Beijing Panshi Yongye Investment Co.,Ltd.?|?2014-7-4 14:41:8
??? C:\Program Files\stickynotes\stickynotes.dll?|$Beijing Panshi Yongye Investment Co.,Ltd.?|?2014-7-4 14:41:10
C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe * 1848?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-27 22:0:44
??? C:\Program Files\360\360Safe\360base.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-22 11:48:30
??? C:\Program Files\360\360Safe\360util.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-18 12:6:38
??? C:\Program Files\360\360Safe\360conf.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-22 11:48:38
??? C:\Program Files\360\360Safe\deepscan\cloudcom2.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-26 15:30:12
??? C:\Program Files\360\360Safe\360leakfixplugin.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-22 11:51:0
??? C:\Program Files\360\360Safe\SoftMgr\360SoftMgrS.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-15 9:25:38
??? C:\Program Files\360\360Safe\360NetBase.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-28 18:22:42
??? C:\Program Files\360\360Safe\deepscan\heavygate.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-22 11:50:6
??? C:\Program Files\360\360Safe\deepscan\qutmload.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-6 14:22:12
??? C:\Program Files\360\360Safe\deepscan\bapi.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-16 19:23:34
??? C:\Program Files\360\360Safe\SoftMgr\360OptExt.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-24 10:58:46
??? C:\Program Files\360\360Safe\sweeper\CleanSoft.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-25 16:27:44
??? C:\Program Files\360\360Safe\sweeper\CleanSoftEng.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-12 12:50:50
C:\WINDOWS\system32\spoolsv.exe * 264?|$M$?|?2011-6-15 17:8:54
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\WINDOWS\explorer.exe * 1836?|$M$?|?2008-6-2 8:0:0
??? D:\Program Files\360\360sd\ShellIco.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-20 20:7:5
??? C:\Program Files\360\360Safe\safemon\360UDiskGuard.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-6 10:53:58
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbshld.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-30 15:7:51
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\360\360Safe\SoftMgr\SML\SMLLauncher.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-17 18:34:36
??? C:\Program Files\360\360Safe\360Base.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-22 11:48:30
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\360\360Safe\safemon\Safehmpg.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-17 14:51:8
??? C:\Program Files\360\360Safe\safemon\iNetSafe.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-6 12:18:52
??? C:\Program Files\360\360Safe\safemon\wdexhelper.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-17 16:23:14
??? C:\Program Files\WinRAR\rarext.dll?|$X?|?2013-1-4 14:36:24| ?| ?| ?| ?| ?| ?| ?| ?| ?
??? d:\Program Files\360\360sd\MenuEx.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-20 20:7:19
??? C:\Program Files\360\360Safe\Utils\shell360ext.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-9 18:20:6
??? C:\WINDOWS\system32\ravext.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-1-5 9:4:41
??? C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL?|$X?|?2012-8-17 16:27:58 | Microsoft? Visual Studio? 2005 | 8.00.50727.4053 | ATL Module for Windows (Unicode) | ? Microsoft Corporation.? All rights reserved. | 8.00.50727.4053 | Microsoft Corporation| ? | ATL80.DLL | ATL80.DLL
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
??? C:\WINDOWS\system32\diactkf.dll?|$X?|?2014-7-1 8:5:3 | TK | 1.01.0006 |?? | (C) Microsoft Corporation. All rights reserved. | 1.01.0006 | TK| ? | TuKu | TuKu.dll
??? C:\WINDOWS\system32\SGWPShe32.dll?|$Sogou.com?|?2014-5-26 17:7:30
??? C:\Program Files\360\360Safe\SoftMgr\SoftMgrExt.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-7 11:16:36
??? C:\WINDOWS\system32\shellfire.dll?|$PPLive Corporation?|?2014-7-2 15:29:30
??? C:\Documents and Settings\Administrator\Application Data\Wandoujia2\Applications\2.67.0.4980\wandoujia_shlext_dll.dll?|$Wandou Technology Ltd?|?2013-11-25 20:8:12
C:\Program Files\XCFaXian\lssvr.exe * 2292?|$北京趣找電子商務有限公司?|?2014-6-26 14:5:28
C:\Program Files\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe * 2500?|$Sogou.com?|?2014-5-14 8:29:48
??? C:\Program Files\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe?|$Sogou.com?|?2014-5-14 8:29:48
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Program Files\Rising\RAV\rstray.exe * 2648?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-15 14:57:13
C:\Program Files\廣告神盾\0707150103\ADShendun32.exe * 2748?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-6-23 14:27:34
??? C:\Program Files\廣告神盾\0707150103\ADShendun32.exe?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-6-23 14:27:34
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\yyfm0529\2014071008\yymusic05.exe * 3272?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:53:58
??? C:\Program Files\yyfm0529\2014071008\yymusic05.exe?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:53:58
??? C:\Program Files\yyfm0529\2014071008\avcore.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:0
??? C:\Program Files\yyfm0529\2014071008\audio.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:0
??? C:\Program Files\yyfm0529\2014071008\libav.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:6
??? C:\Program Files\yyfm0529\2014071008\pthreadGC2.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:53:54
??? C:\Program Files\yyfm0529\2014071008\swresample-0.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:53:56
??? C:\Program Files\yyfm0529\2014071008\avutil-52.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:4
??? C:\Program Files\yyfm0529\2014071008\avformat-54.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:2
??? C:\Program Files\yyfm0529\2014071008\avcodec-54.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:0
??? C:\Program Files\yyfm0529\2014071008\source.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:53:54
??? C:\Program Files\yyfm0529\2014071008\DuiLib.dll?|$GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.?|?2014-6-6 1:54:6
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\XCFaXian\XCFaXian.exe * 3424?|$北京趣找電子商務有限公司?|?2014-6-26 14:5:28
??? C:\Program Files\XCFaXian\XCFaXian.exe?|$北京趣找電子商務有限公司?|?2014-6-26 14:5:28
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
C:\Program Files\Rising\RSD\popwndexe.exe * 3448?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Rising\RSD\popwndexe.exe?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Rising\RSD\rsdk.dll?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Rising\RSD\rsmginfo.dll?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37
??? C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL?|$Microsoft Corporation?|?2013-1-4 14:36:22
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe * 3892?|$深圳億緯科技有限公司?|?2014-7-10 8:4:58
??? C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe?|$深圳億緯科技有限公司?|?2014-7-10 8:4:58
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\WINDOWS\system32\rundll32.exe * 1956?|$M$?|?2008-6-2 8:0:0
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\WINDOWS\system32\ctfmon.exe * 436?|$M$?|?2008-6-2 8:0:0
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\baidu\BaiduAn\2.1.0.1214\BaiduAnTray.exe * 976?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\baiduanTray.exe?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSkin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDLogicUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMPatcherPlugins\BDMConnect.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:5
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmtrayplugins\BDMTrayTipsPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMTrayPlugins\BDMSusPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\plugins\bdmsusplugins\BDMSOAccSusPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\plugins\bdmsusplugins\BDMNetMonSusPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccMgr.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccStrategyMgr.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccEngine.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMNetMonMgrDll.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMReport.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMNet.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmtrayplugins\BDMSOAccTrayPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\SysAccMgrDll.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDKitUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmtrayplugins\BDMSOCleanerTrayPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMUpdate.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMDownload.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Documents and Settings\Administrator\Application Data\nlcal\nlcalQuick.exe * 3936?|$深圳億緯科技有限公司?|?2014-7-10 8:4:58
??? C:\Documents and Settings\Administrator\Application Data\nlcal\nlcalQuick.exe?|$深圳億緯科技有限公司?|?2014-7-10 8:4:58
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Documents and Settings\Administrator\Application Data\nlcal\AssistModule.dll?|$深圳億緯科技有限公司?|?2014-7-10 8:4:58
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\Common Files\Baidu\BDDownload\107\bddownloader.exe * 3168?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:20
??? c:\program files\common files\baidu\bddownload\107\bddownloader.exe?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:20
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? c:\program files\common files\baidu\bddownload\107\dl.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:20
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
C:\Program Files\廣告神盾\0707150103\server\ADShendunProxy32.exe * 5500?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-6-9 22:7:10
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Program Files\baidu\BaiduAn\2.1.0.1214\BaiduAn.exe * 5896?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMMainframe.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDLogicUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSkin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMSOManagerPlugins\BDMSOCleanerPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\SYSCleaner.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMScriptVM.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\GCScriptBind.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMWindowsLib.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:18
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\SysAccMgrDll.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDKitUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccMgr.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccStrategyMgr.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMSOLiveAccEngine.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSOManager\BDMNetMonMgrDll.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmmainframeplugins\BDMSWManagerFrame.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSWNestCore.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmmainframeplugins\BDMSafePlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmsafeplugins\BDMKVMainPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMSafePlugins\BDMPatcherPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmsafeplugins\BDMSysFixerPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMPatcherPlugins\BDMConnect.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:5
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMReport.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMNet.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\FTSysFixer\SysFixer.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSWParseDetect.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:18
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\bdmkvscanplugin\BDMKVScanPlugin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:15
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\CompatibilityChecker.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDMRepMgr.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDMRepBase.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\BDMAVEng.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\bdmantivirus\TrustAndIso.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
C:\Program Files\baidu\BaiduAn\2.1.0.1214\BDALeakfixer.exe * 4608?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDALeakfixer.exe?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDLogicUtils.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMSkin.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMPatcherPlugins\BDMPatcher.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:13
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\Plugins\BDMPatcherPlugins\BDMConnect.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:5
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMReport.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMNet.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BDMDownload.dll?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:17
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
C:\Program Files\Rising\RAV\rsmain.exe * 340?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:15:1
C:\Program Files\XCFaXian\XCFaXian.exe * 4384?|$北京趣找電子商務有限公司?|?2014-6-26 14:5:28
??? C:\Program Files\XCFaXian\XCFaXian.exe?|$北京趣找電子商務有限公司?|?2014-6-26 14:5:28
??? C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
??? C:\Program Files\Rising\RAV\rsmgr.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-4-17 20:7:23
??? C:\Program Files\Rising\RAV\wbprotect.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-2-27 17:52:42
??? C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
??? C:\Program Files\Rising\RAV\ravscrch.dll?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-26 14:59:59
??? C:\Program Files\廣告神盾\0707150103\adhkdll.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:31:42
??? C:\WINDOWS\system32\Macromed\Flash\Flash32_14_0_0_145.ocx?|$Adobe Systems Incorporated?|?2014-7-9 8:2:30
O2 - IeAddOn(360sdbho Class) - {0F4BF955-A127-41B7-A998-369904AA2578}
?? = D:\Program Files\360\360sd\360sdbho.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-20 18:29:58
O2 - IeAddOn(廣告神盾IE插件) - {5AC58093-0F4D-4D65-A40B-007DDD7A79CF}
?? = C:\Program Files\廣告神盾\0707150103\ieplugin32.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:32:0
O2 - IeAddOn(SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D}
?? = C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
O2 - IeAddOn(搜狗輸入法地址欄搜索) - {0C3ED74B-8703-4003-A1F4-2B2A0C450DD2}
?? = C:\Program Files\SogouInput\Components\AddressSearch\OmniAddr\OmniAddr.dll?|$Sogou.com?|?2014-5-14 8:29:47
O2 - IeAddOn(360sdbho Class) - {0F4BF955-A127-41B7-A998-369904AA2578}
?? = D:\Program Files\360\360sd\360sdbho.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-20 18:29:58
O2 - IeAddOn(廣告神盾IE插件) - {5AC58093-0F4D-4D65-A40B-007DDD7A79CF}
?? = C:\Program Files\廣告神盾\0707150103\ieplugin32.dll?|$Guangzhou Feiwu Network Science and Technology Co., Ltd.?|?2014-5-22 20:32:0
O2 - IeAddOn(360SafeLive) - {87515F61-A66C-4319-A0E0-D416CB8059E3}
?? = C:\Program Files\360\360Safe\Safelive.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-5 18:46:50
O2 - IeAddOn(SetupCtrl Class) - {8C891026-0BE9-434E-B807-118E6E5EA3B6}
?? = C:\WINDOWS\Downloaded Program Files\276828\BaiduSetupAx_0.dll?|$Baidu (China) Co., Ltd.?|?2012-12-26 15:34:22
O2 - IeAddOn(SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D}
?? = C:\Program Files\360\360Safe\safemon\safemon.dll?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-13 17:24:40
O2 - IeAddOn(BDBProtocolHelperImpl Class) - {E1819698-0CD0-435C-AE0D-F288924C40A1}
?? = C:\Program Files\baidu\BaiduPlayer\3.9.3.12\bdbph.dll?|$Baidu (China) Co., Ltd.?|?2014-6-13 15:36:28
O4 - HKCU\..\run: [360sd] "D:\Program Files\360\360sd\360sd.exe" /autorun
O4 - HKCU\..\run: [XCFaXian] "C:\Program Files\XCFaXian\XCFaXian.exe" /A
O4 - HKLM\..\run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360Tray.exe" /start
O4 - HKLM\..\run: [RavTRAY] "C:\Program Files\Rising\RAV\RSTRAY.EXE" -system
O4 - HKLM\..\run: [ADSD0707150103] "C:\Program Files\廣告神盾\0707150103\ADShendun32.exe" tray
O4 - HKLM\..\run: [yyfm0529_2014071008] "C:\Program Files\yyfm0529\2014071008\yymusic05.exe" -mini
O4 - HKLM\..\run: [yyfm0529_News_2014071008] "C:\Program Files\yyfm0529\2014071008\YFMSever.exe" -mini
O4 - HKLM\..\run: [nlcal] C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe /start
O4 - HKLM\..\run: [BaiduAnTray] "C:\Program Files\Baidu\BaiduAn\2.1.0.1214\BaiduAnTray.exe"? -stmd=3
BaiduBrowserUpdater.job -> C:\Program Files\Baidu\BaiduBrowser\bdupdate.exe --check --type=auto --fromautorun
游戲盒子版本更新檢測.job -> C:\Documents and Settings\All Users\Application Data\GBX2014710\GameBox.exe /check_update
O10 - LSP: npzz over [MSAFD Tcpip [TCP/IP]] = C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
O10 - LSP: npzz over [MSAFD Tcpip [UDP/IP]] = C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
O10 - LSP: npzz = C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll?|$北京精益求德科技有限公司?|?2014-7-10 8:5:18
O23 - 服務(wù): 360AntiHacker (360Safe Anti Hacker Service) - System32\Drivers\360AntiHacker.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-18 16:7:8(系統(tǒng))
O23 - 服務(wù): 360AvFlt (360AvFlt mini-filter driver) - system32\DRIVERS\360AvFlt.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-26 11:29:55(手動)
O23 - 服務(wù): 360Box (360Box mini-filter driver) - system32\DRIVERS\360Box.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-27 17:3:12(系統(tǒng))
O23 - 服務(wù): 360Camera (360Safe Camera Filter Service) - System32\Drivers\360Camera.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-18 16:30:26(手動)
O23 - 服務(wù): 360netmon (360netmon) - C:\WINDOWS\system32\drivers\360netmon.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-27 11:1:50(系統(tǒng))
O23 - 服務(wù): 360qpesv (360qpesv driver) - C:\WINDOWS\system32\drivers\360qpesv.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-29 20:27:0(系統(tǒng))
O23 - 服務(wù): 360rp (360 殺毒實時防護加載服務(wù)) - "D:\Program Files\360\360sd\360rps.exe"?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-2-24 10:40:33(自動)
O23 - 服務(wù): 360SelfProtection (360SelfProtection) - system32\drivers\360SelfProtection.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-21 21:17:58(系統(tǒng))
O23 - 服務(wù): BAPIDRV (BAPIDRV) - system32\DRIVERS\BAPIDRV.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-18 15:33:16(系統(tǒng))
O23 - 服務(wù): bd0001 (bd0001) - system32\DRIVERS\bd0001.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-6-13 16:38:54(系統(tǒng))
O23 - 服務(wù): bd0002 (bd0002) - system32\DRIVERS\bd0002.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-3-11 17:36:8(系統(tǒng))
O23 - 服務(wù): bd0004 (bd0004) - system32\DRIVERS\bd0004.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 7:58:15(系統(tǒng))
O23 - 服務(wù): BDArKit (BDArKit) - system32\DRIVERS\BDArKit.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-2 8:3:11(手動)
O23 - 服務(wù): BDMNetMon (BDMNetMon) - system32\DRIVERS\BDMNetMon.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:21(自動)
O23 - 服務(wù): BDMRTP (BDMRTP Service) - "C:\Program Files\Baidu\BaiduAn\2.1.0.1214\baiduanSvc.exe" -r?|$Beijing baidu Netcom science and technology co.ltd?|?2014-5-4 19:59:16(自動)
O23 - 服務(wù): BDMWrench (BDMWrench) - system32\DRIVERS\BDMWrench.sys?|$Beijing baidu Netcom science and technology co.ltd?|?2014-7-8 14:26:44(系統(tǒng))
O23 - 服務(wù): BDSGRTP (BDSGRTP Service) - "C:\Program Files\Common Files\Baidu\BaiduProtect\1.2.0.47\BaiduProtect.exe" -r?|$X(自動)
O23 - 服務(wù): DsArk (DsArk) - C:\WINDOWS\system32\drivers\DsArk.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2013-11-2 13:26:35(引導(dǎo))
O23 - 服務(wù): EfiMon (EfiSystemMon) - System32\Drivers\Efimon.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-21 18:45:8(系統(tǒng))
O23 - 服務(wù): HookPort (HookPort) - System32\Drivers\Hookport.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-4-21 21:22:20(引導(dǎo))
O23 - 服務(wù): HyperVM (HyperVM) - C:\WINDOWS\system32\drivers\hvm.sys?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:15:3(系統(tǒng))
O23 - 服務(wù): kguard (kguard) - system32\DRIVERS\kguard.sys?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-15 14:57:43(系統(tǒng))
O23 - 服務(wù): lsservice (lsservice) - C:\Program Files\XCFaXian\lssvr.exe?|$北京趣找電子商務(wù)有限公司?|?2014-6-26 14:5:28(自動)
O23 - 服務(wù): QQProtect (QQProtect) - C:\WINDOWS\system32\drivers\QQProtect.sys?|$Tencent Technology(Shenzhen) Company Limited?|?2014-5-8 17:32:44(系統(tǒng))
O23 - 服務(wù): qutmdserv (Quantum DeepScanner Servers) - system32\DRIVERS\qutmdrv.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-6-20 15:10:30(系統(tǒng))
O23 - 服務(wù): qutmipc (qutmipc) - C:\WINDOWS\system32\drivers\qutmipc.sys?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-14 10:46:24(系統(tǒng))
O23 - 服務(wù): rsdsys (rsd protect) - C:\WINDOWS\system32\drivers\protreg.sys?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-28 15:23:55(自動)
O23 - 服務(wù): RsMgrSvc (Rsd Service) - "C:\Program Files\Rising\RSD\RsMgrSvc.exe"?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-17 22:14:37(自動)
O23 - 服務(wù): RsRavMon (Rav Service) - "C:\Program Files\Rising\RAV\ravmond.exe"?|$Beijing Rising Information Technology Corporation Limited?|?2014-5-15 14:57:11(自動)
O23 - 服務(wù): rsutils (rsutils) - system32\DRIVERS\rsutils.sys?|$Beijing Rising Information Technology Corporation Limited?|?2013-11-27 8:0:20(系統(tǒng))
O23 - 服務(wù): stickynotes (stickynotes service) - "C:\Program Files\stickynotes\stickynotes.exe" -srv?|$Beijing Panshi Yongye Investment Co.,Ltd.?|?2014-7-4 14:41:8(自動)
O23 - 服務(wù): sysmon (sysmon) - system32\DRIVERS\sysmon.sys?|$Beijing Rising Information Technology Corporation Limited?|?2014-6-23 14:53:54(引導(dǎo))
O23 - 服務(wù): ZheziSrv (Zhezi Service) - "C:\Program Files\zhezi\app\zhezi\ZheziServiceMgr.exe" /asservice?|$北京精益求德科技有限公司?|?2014-7-4 18:4:12(手動)
O23 - 服務(wù): ZhuDongFangYu (主動防御) - "C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe"?|$Qihoo 360 Software (Beijing) Company Limited?|?2014-5-27 22:0:44(自動)
O29 - HKCU-Start Page = http://www.hao123.com/?tn=98868055_hao_pg
O29 - HKCU-Search Page = http://www.3600.com/?src=lm&ls=n290987998a
O29 - HKCU-Default_Page_URL = http://www.3600.com/?src=lm&ls=n290987998a
O29 - HKLM-Start Page = http://hao.360.cn/?1004
O29 - HKUS-Start Page = http://www.hao123.com/?tn=94104199_hao_pg
O34 - StartMenuInternet [2345Explorer.exe] = "C:\Program Files\2345Explorer\2345Explorer.exe"?|$X
O34 - StartMenuInternet [360SE.exe] = C:\Program Files\360\360se\360SE.exe?|$360.cn?|?2013-1-4 14:36:5
O34 - StartMenuInternet [BaiduBrowser.EXE] = "C:\Program Files\Baidu\BaiduBrowser\BaiduBrowser.exe"?|$X
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch
??? 2345智能瀏覽器.lnk -> C:\Program Files\2345Explorer\2345Explorer.exe http://www.hao123.com/?tn=98868055_hao_pg
??? 360安全衛(wèi)士.lnk -> C:\Program Files\360\360Safe\360Safe.exe
??? hao123_網(wǎng)址導(dǎo)航_Internet.lnk -> http://www.hao123.com/?tn=90618383_hao_pg
??? Inteent Exploror.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
??? Intronnt HaoDao.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
??? lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
??? 今日黃歷.lnk -> C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe
??? 折子購物.lnk -> C:\Program Files\zhezi\app\zhezi\zhezi.exe
??? 極速搶票入口.lnk -> http://www.hao123.com/?tn=93947501_hao_pg
??? 愛淘寶.lnk -> http://t.cn/Rv8Fg27
C:\Documents and Settings\Administrator\桌面
??? hao123_網(wǎng)址導(dǎo)航_Internet.lnk -> http://www.hao123.com/?tn=90618383_hao_pg
??? Internet?? Explorer.lnk -> http://www.hao123.com/?tn=97883556_hao_pg
??? Internet? Explorer.lnk -> http://www.hao123.com/?tn=97883556_hao_pg
??? 安全上網(wǎng)必備.lnk -> http://www.3600.com/?src=lm&ls=n799d887988
??? 極速搶票入口.lnk -> http://www.3600.com/?src=lm&ls=n7141871b8c
??? 淘寶.lnk -> http://ai.taobao.com/?pid=mm_43853062_4068309_23360394
C:\Documents and Settings\All Users\「開始」菜單
??? lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
??? 愛淘寶.lnk -> http://t.cn/Rv8Fg27
C:\Documents and Settings\All Users\桌面
??? Apabi Reader 4.5.lnk -> C:\Program Files\Founder\Apabi Reader 4.0\ApaReader.exe
??? Inteent Exploror.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
??? Intronnt HaoDao.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
??? lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
.htm - "C:\Program Files\360\360se\360SE.exe" "%1"
.html - "C:\Program Files\360\360se\360SE.exe" "%1"
First, uninstall Baidu Weishi (百度衛士), Baidu Browser, and zhezi.
Open Task Manager and end these processes:
C:\Program Files\XCFaXian\lssvr.exe
C:\Program Files\yyfm0529\2014071008\yymusic05.exe
C:\Program Files\XCFaXian\XCFaXian.exe
C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe
C:\Documents and Settings\Administrator\Application Data\nlcal\nlcalQuick.exe
C:\Program Files\XCFaXian\XCFaXian.exe
Stop and disable the service:
O23 - 服務: SuperApps (SuperApps service) - C:\WINDOWS\system32\svchost.exe -k SuperApps |$M$ | 2008-6-2 8:0:0(自動)
Delete the startup entries:
O4 - HKCU\..\run: [XCFaXian] "C:\Program Files\XCFaXian\XCFaXian.exe" /A
O4 - HKLM\..\run: [yyfm0529_2014071008] "C:\Program Files\yyfm0529\2014071008\yymusic05.exe" -mini
O4 - HKLM\..\run: [yyfm0529_News_2014071008] "C:\Program Files\yyfm0529\2014071008\YFMSever.exe" -mini
O4 - HKLM\..\run: [nlcal] C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe /start
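Rising bundles a system-optimization feature that detects and lists some items that can be optimized, but it cannot act on items it did not detect.
For example, Rising did not list O23 - 服務: SuperApps. The service could not be disabled with the built-in Windows Services manager, but 360 Weishi (360衛士) was able to disable it.

Then clean up the malicious ad icons and Start menu entries and reboot the computer. After that it was finally back to normal.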
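As an added example (not part of the original post and not part of pe_xscan), the Python sketch below triages log lines in the format shown above for three of the persistence points this cleanup dealt with: shortcuts that open a URL, Run entries that start from Application Data, and LSP DLLs outside system32. The three heuristics and the function names are assumptions chosen for this page's log; the sample lines are copied from it.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Sample lines copied from the pe_xscan log on this page (separators cleaned up).
SAMPLE_LOG = r"""
O4 - HKLM\..\run: [RavTRAY] "C:\Program Files\Rising\RAV\RSTRAY.EXE" -system
O4 - HKLM\..\run: [nlcal] C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe /start
O10 - LSP: npzz = C:\Documents and Settings\All Users\Application Data\zhezi\bin2\h\ximvdemx.dll |$北京精益求德科技有限公司 | 2014-7-10 8:5:18
    2345智能瀏覽器.lnk -> C:\Program Files\2345Explorer\2345Explorer.exe http://www.hao123.com/?tn=98868055_hao_pg
    360安全衛士.lnk -> C:\Program Files\360\360Safe\360Safe.exe
    Inteent Exploror.lnk -> http://www.hao123.com/?tn=98868055_hao_pg
    lentent Epxlroer.lnk -> http://www.3600.com/?src=lm&ls=n525187378f
"""

URL_RE = re.compile(r"https?://\S+")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) -> (?P<target>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LSP_RE = re.compile(r"^O10 - LSP: (?P<name>.+?) = (?P<dll>[^|?]+)")

def triage(log_text):
    """Return (kind, name, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.lstrip(" \t?\u00a0")  # tolerate indentation and '?' debris
        if m := LNK_RE.match(line):
            url = URL_RE.search(m["target"])
            if url:  # shortcut opens a URL, directly or as a browser argument
                q = parse_qs(urlsplit(url.group()).query)
                tag = (q.get("tn") or q.get("ls") or [""])[0]  # referral id
                findings.append(("shortcut-opens-url", m["name"], tag))
        elif m := RUN_RE.match(line):
            if "\\application data\\" in m["cmd"].lower():  # assumed heuristic
                findings.append(("autorun-from-appdata", m["name"], m["cmd"]))
        elif m := LSP_RE.match(line):
            dll = m["dll"].strip()
            if "\\system32\\" not in dll.lower():  # assumed heuristic
                findings.append(("lsp-outside-system32", m["name"], dll))
    return findings

def shortcuts_by_tag(findings):
    """Group URL shortcuts by referral id to see which ones share a source."""
    groups = {}
    for kind, name, detail in findings:
        if kind == "shortcut-opens-url":
            groups.setdefault(detail, []).append(name)
    return groups
```

Grouping by the `tn=` or `ls=` value shows which of the look-alike shortcuts share one referral id, which helps confirm that every copy was removed from each desktop, Quick Launch and Start menu folder.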

Selected file information is attached:
文件說明符 : C:\Program Files\yyfm0529\2014071008\YFMSever.exe
屬性 : A---
數字簽名:GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.
PE文件:是
語言 : 中文(中國)
文件版本 : 20.20.20.20
說明 : 音樂軟件相關
版權 : 2014年編譯
產品版本 : 20.20.20.20
產品名稱 : 音樂軟件相關
公司名稱 : 音樂軟件相關
合法商標 :
內部名稱 :
源文件名 :
創建時間 : 2014-6-6 1:53:56
修改時間 : 2014-6-6 1:53:56
大小 : 706192 字節 689.656 KB
MD5 : cc479a63384549b4727c5c261f86592a
SHA1: A3E0F2BC4C631170ED7A7E2793A3925E2F5E7320
CRC32: e0fbc0e7

文件說明符 : C:\Program Files\yyfm0529\2014071008\yymusic05.exe
屬性 : A---
數字簽名:GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.
PE文件:是
語言 : 中文(中國)
文件版本 : 1.14.529.1
說明 : 音樂FM
版權 : Copyright (C) 2014
產品版本 : 1.14.529.1
產品名稱 : 音樂FM
公司名稱 : 音樂FM
內部名稱 : MusicPla.exe
源文件名 : MusicPla.exe
創建時間 : 2014-6-6 1:53:58
修改時間 : 2014-6-6 1:53:58
大小 : 1979536 字節 1.909 MB
MD5 : eceba96738a53afb5284ca33b049d998
SHA1: 5965CA90BAB852CF6CF03E46AB1E2CBB8743EAA0
CRC32: 3ef1ef4c

文件說明符 : C:\Documents and Settings\All Users\Application Data\GBX2014710\GameBox.exe
屬性 : A---
數字簽名:否
PE文件:是
語言 : 中文(中國)
文件版本 : 1.1.14.6150
說明 : GameBox
版權 : 版權所有 (C) 2013
產品版本 : 1.1.14.6150
產品名稱 : GameBox
內部名稱 : GameBox
源文件名 : GameBox.exe
創建時間 : 2014-7-1 8:5:7
修改時間 : 2014-6-15 15:33:58
大小 : 477696 字節 466.512 KB
MD5 : 989d10106b1fd621936bde8b5160014c
SHA1: 363F54892C37D51BEA1026CD68917234409D6C73
CRC32: c042d084

文件說明符 : C:\Documents and Settings\Administrator\Application Data\nlcal\nlcal.exe
屬性 : A---
數字簽名:深圳億緯科技有限公司
PE文件:是
語言 : 中文(中國)
文件版本 : 1, 0, 0, 7
說明 : 今日黃歷 應用程序
版權 : 版權所有 (C) 2014
產品版本 : 1, 0, 0, 7
產品名稱 : nlcal 應用程序
內部名稱 : nlcal
源文件名 : nlcal.exe
創建時間 : 2014-7-10 8:4:58
修改時間 : 2014-7-10 8:4:58
大小 : 260208 字節 254.112 KB
MD5 : e9a0e8307595d972715cff739506ea2d
SHA1: 6A54F039EED7A98AB0BB70A58F789ED75334FF1C
CRC32: a4792813

文件說明符 : C:\Program Files\XCFaXian\lssvr.exe
屬性 : A---
數字簽名:北京趣找電子商務有限公司
PE文件:是
獲取文件版本信息大小失敗!
創建時間 : 2014-6-26 14:5:28
修改時間 : 2014-6-26 14:5:28
大小 : 766592 字節 748.640 KB
MD5 : 510ecaf617b6c71c14d9acec12007b6f
SHA1: 3EA45B408D2AE48293CB73E6D7AD45000EFFB4E8
CRC32: 61917e7f