机子中毒了，求救！！！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛机子中毒了，求救！！！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

机子中毒了，求救！！！

fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:	发表于： 2007-05-09 11:10 \| 只看楼主短消息资料字号：小中大 11楼 [PID: 1900][C:\Program Files\Microsoft Office 2003\OFFICE11\EXCEL.EXE] [Microsoft Corporation, 11.0.8117] [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8122] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 8, 1026] [D:\Program Files\Kingsoft\XDict\Cjktl32.dll] [N/A, ] [C:\Program Files\Microsoft Office 2003\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3275.0] [D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10] [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] [Microsoft Corporation, 11.0.5510.0] [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll] [Microsoft Corporation, 11.0.5510.0] [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2014] [C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9972] [C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\1033\VBE6INTL.DLL] [Microsoft Corporation, 6.04.9759] [C:\Program Files\SupportSoft_Amer_Motorola\bin\sdcidle.dll] [SupportSoft, 1, 0, 0, 4] [PID: 2776][C:\Program Files\Microsoft Office 2003\OFFICE11\POWERPNT.EXE] [Microsoft Corporation, 11.0.8110] [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8122] [C:\Program Files\Microsoft Office 2003\OFFICE11\1033\ppintl.dll] [Microsoft Corporation, 11.0.6565] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 8, 1026] [D:\Program Files\Kingsoft\XDict\Cjktl32.dll] [N/A, ] [C:\Program Files\Microsoft Office 2003\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3275.0] [D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10] [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2014] [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] [Microsoft Corporation, 11.0.5510.0] [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll] [Microsoft Corporation, 11.0.5510.0] [C:\Program Files\SupportSoft_Amer_Motorola\bin\sdcidle.dll] [SupportSoft, 1, 0, 0, 4] [PID: 820][C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll] [Adobe Systems Incorporated, 1.1.18] [C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll] [Adobe Systems Incorporated, 4.14.46] [C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll] [Adobe Systems Incorporated, 5.01.43] [C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll] [Adobe Systems Incorporated, 2.07.28] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 8, 1026] [D:\Program Files\Kingsoft\XDict\Cjktl32.dll] [N/A, ] [c:\program files\adobe\acrobat 7.0\reader\rdlang32.chs] [Adobe Systems Incorporated, 7.0.7.2006011300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Accessibility.api] [Adobe Systems Incorporated, 7.0.7.2006011300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api] [Adobe Systems Incorporated, 7.0.7.2006011300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Checkers.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\eBook.api] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EScript.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EWH32.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\HLS.api] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\IA32.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer.API] [Adobe Systems Inc., 7.0.0.41005] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\LegalPDF.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\MakeAccessible.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PDDom.api] [Adobe Systems Incorporated, 7.0.7.2006011300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks.api] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\reflow.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SaveAsRTF.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search.api] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SendMail.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Soap.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Spelling.api] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Updater.api] [Adobe Systems Incorporated, 7.0.8.2006051600] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\weblink.api] [Adobe Systems Incorporated, 7.0.7.2006011300] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Xdict32.API] [N/A, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Spelling.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Accessibility.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Checkers.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\eBook.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EScript.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EWH32.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\HLS.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PDDom.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\reflow.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SaveAsRTF.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SendMail.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Soap.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Updater.CHS] [, ] [C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\weblink.CHS] [, ] [D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10] [C:\Program Files\SupportSoft_Amer_Motorola\bin\sdcidle.dll] [SupportSoft, 1, 0, 0, 4] [C:\Program Files\Adobe\Acrobat 7.0\Reader\ATL.DLL] [Microsoft Corporation, 3.00.8449] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [PID: 2804][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 8, 1026] [D:\Program Files\Kingsoft\XDict\Cjktl32.dll] [N/A, ] [C:\PROGRA~1\Yahoo!\ASSIST~1\YALIVE.DLL] [yahoo! china, 3, 6, 7, 1122] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~2.DLL] [yahoo! china, 3, 0, 6, 1008] [C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll] [Yahoo! China, 3, 0, 1, 1013] [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll] [Yahoo! China, 3, 1, 8, 1023] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\Program Files\Microsoft Office 2003\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10] [C:\Program Files\SupportSoft_Amer_Motorola\bin\sdcidle.dll] [SupportSoft, 1, 0, 0, 4] [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 4.1 (32-bit)] [D:\Program Files\WinRAR\rarext.dll] [N/A, ] [PID: 936][D:\Datum\Tools Backup\Application Tools Backup\System security\SReng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806] [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 8, 1026] [D:\Program Files\Kingsoft\XDict\Cjktl32.dll] [N/A, ] [D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10] [C:\Program Files\SupportSoft_Amer_Motorola\bin\sdcidle.dll] [SupportSoft, 1, 0, 0, 4] ==================================
fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:

fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:	发表于： 2007-05-09 11:10 \| 只看楼主短消息资料字号：小中大 12楼 File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== API HOOK N/A ================================== Hidden Process N/A ==================================
fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:

过客2007 版主帖子:16652 注册: 2006-10-18 来自:¤懒神↗之家￡	发表于： 2007-05-09 11:25 \| 短消息资料字号：小中大 13楼惨不忍睹... <CSCLogonInfo><C:\WINDOWS\UsrLogon.exe> [] <CSCAdvantage><"C:\Program Files\Help Desk\CSCAdv.exe" /s> [] <Blocker><"C:\Program Files\Internet Explorer\Iereg.exe"> [] YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [(Verified)"beijing yahoo consulting and service co., ltd."] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [N/A] <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] <WinlogonNotify: IntelWireless><C:\Program Files\Intel\Wireless\Bin\LgNotify.dll> [Intel Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation> <D:\Profiles\Q19205\LOCALS~1\Temp\wt\wt.exe -R><N/A> <\SystemRoot\System32\DRIVERS\auxqvtzi.sys><N/A> <System32\DRIVERS\wATV03nt.sys><N/A> 瑞星卡卡助手,找到上面那些,把勾去掉,然后重启电脑. 看看有没有电脑好点?
过客2007 版主帖子:16652 注册: 2006-10-18 来自:¤懒神↗之家￡

fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:	发表于： 2007-05-09 11:53 \| 只看楼主短消息资料字号：小中大 14楼这位大大，瑞星卡卡上网安全助手已经装了，但是不知道怎么用卡卡找到上面那些啊？能指点指点吗，谢谢！ <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] 这些等被病毒感染了吗？
fangps 初生襁褓狮帖子:17 注册: 2007-05-04 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-05-09 12:25 \| 短消息资料字号：小中大 15楼 <CSCLogonInfo><C:\WINDOWS\UsrLogon.exe> [] <CSCAdvantage><"C:\Program Files\Help Desk\CSCAdv.exe" /s> [] 是某个软件的吧看着像 <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [N/A] 雅虎助手不叫病毒 <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] Windows media player 11的 <WinlogonNotify: IntelWireless><C:\Program Files\Intel\Wireless\Bin\LgNotify.dll> [Intel Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]应该也没问题一个是Intel得什么主板的东西一个是诺顿的
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

kkandy 初生襁褓狮帖子:1 注册: 2007-11-07 来自:	发表于： 2007-11-07 21:36 \| 短消息资料字号：小中大 16楼 <CSCLogonInfo><C:\WINDOWS\UsrLogon.exe> [] <CSCAdvantage><"C:\Program Files\Help Desk\CSCAdv.exe" /s> [] 你是moto的员工吧，这2个进程是公司的管理工具的一部分，CSC就是我们公司啦，就是你们所说的helpdesk，电脑有病毒大1300解决呀，或者拿到helpdesk那里去重装，要是拿给我，就不用重装，10分钟把你的系统优化好，我就是传说中的--阿杜--！！
kkandy 初生襁褓狮帖子:1 注册: 2007-11-07 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT