查看: 4196|回复: 21
收起左侧

Trojan-Spy.win32.Agent.pn杀完还有(附上扫描报告)

[复制链接]
无名浪者
发表于 2007-5-19 19:26:24 | 显示全部楼层 |阅读模式
最近因为裸奔,电脑中了很多木马。个人已经用卡巴斯基杀了不少,但是还有两个,安全模式下用卡巴斯基杀完后,再重装了一次系统之后,还是有木马存在,望高手解决。

分别是这两个木马:trojan.win32.Qhost.jy和Trojan-Spy.win32.Agent.pn
  1. 2007-05-19,21:50:59
  2. System Repair Engineer 2.3.13.690
  3. Smallfrogs (http://www.KZTechs.com)
  4. Windows XP Professional Service Pack 1 (Build 2600)
  5. - 管理权限用户 - 完整功能
  6. 以下内容被选中:
  7.     所有的启动项目(包括注册表、启动文件夹、服务等)
  8.     浏览器加载项
  9.     正在运行的进程(包括进程模块信息)
  10.     文件关联
  11.     Winsock 提供者
  12.     Autorun.inf
  13.     HOSTS 文件

  14. 启动项目
  15. 注册表
  16. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  17.     <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
  18.     <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
  19. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  20.     <load><>  [N/A]
  21. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  22.     <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
  23.     <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
  24.     <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
  25.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
  26.     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
  27.     <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
  28.     <AVP><"E:\Program Files\Kaspersky\avp.exe">  [Kaspersky Lab]
  29.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
  30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  31.     <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
  32.     <Userinit><c:\windows\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
  33. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  34.     <AppInit_DLLs><>  [N/A]
  35. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  36.     <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
  37. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  38.     <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll>  [Kaspersky Lab]
  39. ==================================
  40. 启动文件夹
  41. N/A
  42. ==================================
  43. 服务
  44. [卡巴斯基互联网安全套装6.0 / AVP][Running/Auto Start]
  45.   <E:\Program Files\Kaspersky\avp.exe -r><Kaspersky Lab>
  46. [Human Interface Device Access / HidServ][Stopped/Disabled]
  47.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  48. [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  49.   <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
  50. [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  51.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
  52. ==================================
  53. 驱动程序
  54. [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  55.   <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
  56. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  57.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  58. [basic2 / basic2][Stopped/Manual Start]
  59.   <System32\DRIVERS\HSF_BSC2.sys><Conexant>
  60. [Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  61.   <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
  62. [Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
  63.   <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
  64. [Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
  65.   <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
  66. [HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  67.   <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
  68. [HSF_DP / HSF_DP][Running/Manual Start]
  69.   <System32\DRIVERS\HSF_DP.sys><Conexant Systems>
  70. [hsf_msft / hsf_msft][Stopped/Manual Start]
  71.   <System32\DRIVERS\HSF_MSFT.sys><Conexant>
  72. [kl1 / kl1][Running/Boot Start]
  73.   <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
  74. [klif / klif][Running/System Start]
  75.   <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
  76. [mdmxsdk / mdmxsdk][Running/Auto Start]
  77.   <System32\DRIVERS\mdmxsdk.sys><Conexant>
  78. [nv / nv][Running/Manual Start]
  79.   <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  80. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  81.   <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  82. [Rksample / Rksample][Stopped/Manual Start]
  83.   <System32\DRIVERS\HSF_SAMP.sys><Conexant>
  84. [Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  85.   <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
  86. [Secdrv / Secdrv][Stopped/Manual Start]
  87.   <System32\DRIVERS\secdrv.sys><N/A>
  88. [Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
  89.   <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
  90. [SiS AGP Filter / SISAGP][Running/Boot Start]
  91.   <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
  92. [SiSide / SiSide][Running/Boot Start]
  93.   <\SystemRoot\System32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
  94. [TSP / TSP][Stopped/Manual Start]
  95.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  96. [Conexant Setup API / UIUSys][Stopped/Manual Start]
  97.   <system32\drivers\UIUSys.sys><Conexant>
  98. [winachsf / winachsf][Running/Manual Start]
  99.   <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
  100. [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  101.   <\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
  102. ==================================
  103. 浏览器加载项
  104. [FGCatchUrl]
  105.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
  106. [macfed Class]
  107.   {CB7CA266-4479-4997-86AF-7554AA8A0AF4} <C:\WINDOWS\system32\NAVIGA~1.DLL, >
  108. [Web反病毒保护 统计]
  109.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\Program Files\Kaspersky\scieplugin.dll, Kaspersky Lab>
  110. [@shdoclc.dll,-866]
  111.   {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
  112. [快车]
  113.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
  114. [电台(&R)]
  115.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
  116. [快车(FlashGet)]
  117.   {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
  118. [FGCatchUrl]
  119.   {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <E:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
  120. [&使用网际快车下载]
  121.   <E:\Program Files\FlashGet\jc_link.htm, N/A>
  122. [&使用网际快车下载全部链接]
  123.   <E:\Program Files\FlashGet\jc_all.htm, N/A>
  124. [上传到QQ网络硬盘]
  125.   <E:\Program Files\qq\AddToNetDisk.htm, N/A>
  126. [添加到QQ自定义面板]
  127.   <E:\Program Files\qq\AddPanel.htm, N/A>
  128. [添加到QQ表情]
  129.   <E:\Program Files\qq\AddEmotion.htm, N/A>
  130. [添加至卡巴反横幅广告]
  131.   <E:\Program Files\Kaspersky\ie_banner_deny.htm, N/A>
  132. [用QQ彩信发送该图片]
  133.   <E:\Program Files\qq\SendMMS.htm, N/A>
  134. ==================================
  135. 正在运行的进程
  136. [PID: 476][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  137. [PID: 552][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  138. [PID: 576][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  139.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  140.     [C:\WINDOWS\System32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
  141. [PID: 620][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  142. [PID: 632][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  143. [PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  144. [PID: 848][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  145.     [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  146.     [E:\Program Files\Kaspersky\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
  147. [PID: 932][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  148. [PID: 992][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  149.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  150. [PID: 1244][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  151.     [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  152.     [E:\Program Files\Kaspersky\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
  153.     [C:\WINDOWS\system32\NAVIGA~1.DLL]  [, 1, 0, 0, 1]
  154.     [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5303]
  155.     [C:\WINDOWS\System32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5303]
  156.     [C:\WINDOWS\System32\WMASF.DLL]  [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
  157.     [E:\Program Files\Kaspersky\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
  158.     [E:\Program Files\Kaspersky\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  159.     [E:\Program Files\Kaspersky\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
  160.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
  161. [PID: 1312][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
  162. [PID: 1532][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.14]
  163.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  164. [PID: 1564][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
  165.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  166. [PID: 1592][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  167.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  168. [PID: 1604][C:\WINDOWS\System32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  169.     [C:\WINDOWS\System32\NVMCTRAY.DLL]  [NVIDIA Corporation, 6.14.10.5303]
  170.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  171. [PID: 360][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5303]
  172.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  173. [PID: 1916][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  174.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  175. [PID: 1660][E:\软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
  176.     [C:\WINDOWS\System32\uxtheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  177.     [E:\Program Files\Kaspersky\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
  178. ==================================
  179. 文件关联
  180. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  181. .EXE  OK. ["%1" %*]
  182. .COM  OK. ["%1" %*]
  183. .PIF  OK. ["%1" %*]
  184. .REG  OK. [regedit.exe "%1"]
  185. .BAT  OK. ["%1" %*]
  186. .SCR  OK. ["%1" /S]
  187. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  188. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  189. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  190. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  191. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  192. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  193. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  194. ==================================
  195. Winsock 提供者
  196. N/A
  197. ==================================
  198. Autorun.inf
  199. N/A
  200. ==================================
  201. HOSTS 文件
  202. 127.0.0.1       localhost
  203. ==================================
  204. API HOOK
  205. 警告!System Repair Engineer 提醒
  206. 你下面的函数内容与预期值不符,他
  207. 们可能被一些恶意的软件所修改:
  208. RVA  错误: LoadLibraryA
  209. RVA  错误: LoadLibraryExA
  210. RVA  错误: LoadLibraryExW
  211. RVA  错误: LoadLibraryW
  212. ==================================
复制代码

[ 本帖最后由 无名浪者 于 2007-5-20 16:08 编辑 ]
zhaonimm
发表于 2007-5-19 20:29:53 | 显示全部楼层
你杀毒是全盘杀吗?
你装完系统有没有开其它盘?
要是都没有的话 你找到那2个木马的文件 然后用这个删除 并选择抑制生成!!

还是不行的话 你用SRENG扫描个报告来把!

强力木马移除工具-费尔PowerRmv.rar

101.04 KB, 下载次数: 23

无名浪者
 楼主| 发表于 2007-5-19 21:54:18 | 显示全部楼层
搞到我头都大了,希望有高手帮下忙
wangjay1980
发表于 2007-5-19 23:02:57 | 显示全部楼层
你给出卡巴提示病毒的 路径和文件
无名浪者
 楼主| 发表于 2007-5-20 11:24:14 | 显示全部楼层
已检测到: 木马程序 Trojan.Win32.Qhost.jy        URL: http://up.yinlew.com:8080/myhosts.ini?p=1&t=1253071
已检测到: 木马程序 Trojan.Win32.Qhost.jy        URL: http://up.yinlew.com:8080/myhosts.ini?p=1&t=2453077
已检测到: 木马程序 Trojan.Win32.Qhost.jy        URL: http://up.yinlew.com:8080/myhosts.ini?p=1&t=3653082
已检测到: 木马程序 Trojan.Win32.Qhost.jy        URL: http://up.yinlew.com:8080/myhosts.ini?p=1&t=4853088
已检测到: 木马程序 Trojan.Win32.Qhost.jy        URL: http://up.yinlew.com:8080/myhosts.ini?p=1&t=6053093
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: C:\WINDOWS\System32\AlxRes070418.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: C:\WINDOWS\System32\winsys16_070418.dll
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: C:\WINDOWS\System32\winsys32_070418.dll
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: d:\myplayer.com//PE_Patch//UPack
已删除: 木马程序 Trojan.Win32.Qhost.jy        文件: C:\WINDOWS\system32\winttrs
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: C:\WINDOWS\system32\scrsys070418.scr//PE_Patch//UPack
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn        文件: C:\WINDOWS\system32\scrsys16_070418.scr
中翔
发表于 2007-5-20 12:25:16 | 显示全部楼层
建议装ewido把木马统统干掉!http://bbs.aikaba.com/viewthread.php?tid=3569&extra=page%3D1
pizai0
发表于 2007-5-20 12:53:02 | 显示全部楼层
这是本站会员shuihuorouqing
提供的解决办法...很实用....我已杀掉
下载一个叫unlocker的软件,很小的,用搜索引擎一找就能找到的,然后安装在任意目录。
C:\WINDOWS\system32 下找到病毒文件(文件应该是一个DLL文件,由字母和数字组成的,卡巴应该是能查到这个病毒但是删不了,可以在卡巴里找到这个病毒文件名),右击选择unlocker进行解锁(安装完那个软件后会在右键菜单上生成一个unlocker的菜单项)。然后就可以把病毒文件删除了。再进入C:\WINDOWS\system32\drivers 里找到×.sys文件(×跟之前那个文件同名,只是扩展名不一样)用同样的方法先解锁后删除。然后在运行里输入REGEDIT打开注册表编辑器,分别在
HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services
HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
下找到以病毒文件名命名的项并删除(这是删除病毒文件的注册项)
wangjay1980
发表于 2007-5-20 14:37:24 | 显示全部楼层
用这个和360进行一下清理,然后卸载QQ,最后再用卡巴查杀一遍

arswp.rar

1.38 MB, 下载次数: 14

wangjay1980
发表于 2007-5-20 14:39:29 | 显示全部楼层
用这个和360进行一下清理,然后卸载QQ,最后再用卡巴查杀一遍.

arswp.rar

1.38 MB, 下载次数: 12

无名浪者
 楼主| 发表于 2007-5-20 15:32:39 | 显示全部楼层
原帖由 中翔 于 2007-5-20 12:25 发表
建议装ewido把木马统统干掉!http://bbs.aikaba.com/viewthread.php?tid=3569&amp;extra=page%3D1




这个用过,但是查不出什么木马,倒是卡巴斯基就查出来不少
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-23 12:31 , Processed in 0.157718 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表