小女急请各位大哥救命啊~ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛小女急请各位大哥救命啊~

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

3 / 5 页

跳转页

小女急请各位大哥救命啊~

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:16 \| 只看楼主短消息资料字号：小中大 21楼 [H:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [E:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll] [　, 1, 0, 0, 17] [e:\Program Files\Thunder Network\WebThunder\iEmbed09.dll] [　, 3, 3, 0, 78] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [H:\WINDOWS\system32\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [H:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [H:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCTIP.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMECFM.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMELM.DLL] [Microsoft Corporation, 12.0.4518.1014] [PID: 116][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0] [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370] [C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218] [C:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1] [c:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [C:\Program Files\Tencent\QQ\LoginCtrl.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1] [C:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1] [C:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ] [C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ] [C:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426] [C:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, ] [C:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, ] [C:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1] [H:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ] [C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ] [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:16 \| 只看楼主短消息资料字号：小中大 22楼 [C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ] [C:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [H:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Tencent\QQ\VPortal.dll] [, 1, 0, 0, 4] [C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ] [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1] [C:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160] [C:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ] [H:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1] [C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2] [C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240] [C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ] [C:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ] [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 9, 92] [H:\WINDOWS\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014] [H:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMELM.DLL] [Microsoft Corporation, 12.0.4518.1014] [C:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5] [PID: 388][c:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [c:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4] [PID: 3252][H:\Documents and Settings\gtozhouhang\桌面\McAfee-v8.0_chs\Setup.exe] [Netopsystems AG, 2, 3, 0, 2] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 1504][H:\DOCUME~1\GTOZHO~1\LOCALS~1\Temp\McAfee VirusScan Enterprise 80\setupvse.exe] [McAfee, Inc., 8.0.0.912] [PID: 2116][H:\WINDOWS\system32\msiexec.exe] [Microsoft Corporation, 3.1.4000.1823] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [PID: 2916][H:\WINDOWS\system32\MsiExec.exe] [Microsoft Corporation, 3.1.4000.1823] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [PID: 996][H:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:17 \| 只看楼主短消息资料字号：小中大 23楼 [PID: 2964][H:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412] [H:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474] [H:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474] [H:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474] [H:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] [Network Associates, Inc., 3.5.0.412] [H:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412] [H:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [PID: 2216][H:\Program Files\Network Associates\VirusScan\shstat.exe] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251] [H:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912] [H:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 432][C:\tt\TTPlayer.exe] [Alen Soft, 5, 0, 0, 0] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\tt\ttpcomm.dll] [N/A, ] [C:\tt\ttpres.dll] [Alen Soft, 5, 0, 0, 0] [C:\tt\msdmo.dll] [Microsoft Corporation, 6.03.01.0400] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ] [C:\tt\AddIn\ttp_lrcsh.dll] [N/A, ] [H:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [H:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [H:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [H:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [H:\Documents and Settings\gtozhouhang\桌面\sreng2\3.com] [Smallfrogs Studio, 2.4.12.806] [H:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [H:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [H:\WINDOWS\system32\gsompq.dll] [N/A, ] [H:\WINDOWS\system32\rzrznc.dll] [N/A, ]
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:18 \| 只看楼主短消息资料字号：小中大 24楼文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [E:\] [AutoRun] open=rxmoefa.exe shell\open=打开(&O) shell\open\Command=rxmoefa.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=rxmoefa.exe [F:\] [AutoRun] open=rxmoefa.exe shell\open=打开(&O) shell\open\Command=rxmoefa.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=rxmoefa.exe [G:\] [AutoRun] open=rxmoefa.exe shell\open=打开(&O) shell\open\Command=rxmoefa.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=rxmoefa.exe [H:\] [AutoRun] open=rxmoefa.exe shell\open=打开(&O) shell\open\Command=rxmoefa.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=rxmoefa.exe ================================== HOSTS 文件 127.0.0.1 localhost ================================== API HOOK N/A ================================== 隐藏进程 N/A
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:20 \| 只看楼主短消息资料字号：小中大 25楼全部发上来了，哎呀没想到还是以体力活，不过发着痛快各位大哥多多帮帮忙阿！~~小女子这厢有礼了！
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-05-24 10:22 \| 短消息资料字号：小中大 26楼 open=rxmoefa.exe shell\open=打开(&O) shell\open\Command=rxmoefa.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=rxmoefa.exe 又是这些哎 IFEO的东西
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:25 \| 只看楼主短消息资料字号：小中大 27楼哦？那该怎么做呢？
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

303266474 锋芒艾服狮帖子:1188 注册: 2006-07-17 来自:	发表于： 2007-05-24 10:34 \| 短消息资料字号：小中大 28楼启动你扫描的软件,启动项目=>注册表选中 <cmdbcs><H:\WINDOWS\cmdbcs.exe> [] <mppds><H:\WINDOWS\mppds.exe> [] <upxdnd><H:\DOCUME~1\GTOZHO~1\LOCALS~1\Temp\upxdnd.exe> [N/A] 删除重新启动,进入安全模式,显示隐藏文件,删除上述对应文件. 开始=>运行=>输入"regedit"展开 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 除默认,全部删除. 打开"我的电脑",搜索"rxmoefa.exe",找到后删除. 右键打开E;,D,F盘找到Autorun.inf删除. 可能,大概还需要下威金专杀试试
303266474 锋芒艾服狮帖子:1188 注册: 2006-07-17 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 10:54 \| 只看楼主短消息资料字号：小中大 29楼其中只有你说的<upxdnd><H:\DOCUME~1\GTOZHO~1\LOCALS~1\Temp\upxdnd.exe> [N/A] 另两个没有
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:	发表于： 2007-05-24 11:01 \| 只看楼主短消息资料字号：小中大 30楼哦刚才被**删除了那两项
受伤的孩子初生襁褓狮帖子:31 注册: 2007-05-24 来自:

<<上一主题|下一主题>>

3 / 5 页

跳转页

页面顶部

Powered by Discuz!NT