瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 Adware.Win32.AdPop.a这个病毒清除不了啊,救救我啊

123   3  /  3  页   跳转

Adware.Win32.AdPop.a这个病毒清除不了啊,救救我啊

收藏
本主题由 技术团队 超级游戏迷 于 2008-8-27 18:14:32 执行 关闭主题/取消 操作
无脚的大鸟
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2008-08-27
  • 来自:
发表于: 2008-08-27 18:12 | 短消息 资料
字号: 21楼

回复: Adware.Win32.AdPop.a这个病毒清除不了啊,救救我啊

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4F4F0064-71E0-4f0d-0023-708476C7815F}><C:\WINDOWS\system32\midimapcq.dll>  [File is missing]
    <{4F4F0064-71E0-4f0d-0002-708476C7815F}><C:\WINDOWS\system32\midimapwm.dll>  [File is missing]
    <{4F4F0064-71E0-4f0d-0005-708476C7815F}><C:\WINDOWS\system32\midimapzx.dll>  [File is missing]
    <{4F4F0064-71E0-4f0d-0015-708476C7815F}><C:\WINDOWS\system32\midimapmy.dll>  [File is missing]
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><>  [N/A]
    <{22596546-2036-9451-6058-658402589722}><>  [N/A]
    <{4A069845-2036-6084-9054-6087502480A4}><>  [N/A]
    <{6A041F13-A111-12A3-B0CF-F99818AA68A6}><>  [N/A]
    <{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}><>  [N/A]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><>  [N/A]
    <{4FD45A54-9875-698F-E56E-65102358FDF4}><C:\WINDOWS\system32\apsgdjba.dll>  [File is missing]
    <{13FD5987-65D2-C58D-D87E-987451F12531}><>  [N/A]
    <{6C8D1401-A58D-A81C-CD24-A5915C4517C6}><C:\WINDOWS\system32\mnmhfsrv.dll>  [File is missing]
    <{528DF602-9541-A985-210A-984A698C6F25}><>  [N/A]
    <{81954FAC-1023-154F-895A-1458258AD818}><>  [N/A]
    <{4F4F0064-71E0-4f0d-0022-708476C7815F}><C:\WINDOWS\system32\midimapqn3.dll>  [File is missing]
    <{4F4F0064-71E0-4f0d-0004-708476C7815F}><C:\WINDOWS\system32\midimapwl.dll>  [File is missing]
    <{4F4F0064-71E0-4f0d-0017-708476C7815F}><C:\WINDOWS\system32\midimaptl.dll>  [File is missing]
    <{4A698102-5904-AFD0-20DF-CD1A65829CA4}><C:\WINDOWS\system32\zycbdime.dll>  [File is missing]
    <{8490415F-65F8-B5C5-D8BA-9405FB120548}><C:\WINDOWS\system32\yzzthmsn.dll>  [File is missing]
    <{33512378-9874-5641-1025-985420368733}><C:\WINDOWS\system32\oswxcttb.dll>  [File is missing]
    <{470165F1-9F65-569F-F895-F14F58F41074}><C:\WINDOWS\system32\lofsdjbo.dll>  [File is missing]
    <{14698742-2059-3025-9058-954023874141}><>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <midimapcq><C:\WINDOWS\system32\midimapcq.dll>  [File is missing]
    <midimapwm><C:\WINDOWS\system32\midimapwm.dll>  [File is missing]
    <midimapzx><C:\WINDOWS\system32\midimapzx.dll>  [File is missing]
    <midimapmy><C:\WINDOWS\system32\midimapmy.dll>  [File is missing]
    <midimapqn3><C:\WINDOWS\system32\midimapqn3.dll>  [File is missing]
    <midimapwl><C:\WINDOWS\system32\midimapwl.dll>  [File is missing]
    <midimaptl><C:\WINDOWS\system32\midimaptl.dll>  [File is missing]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
gototop
 
无脚的大鸟
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2008-08-27
  • 来自:
发表于: 2008-08-27 18:13 | 短消息 资料
字号: 22楼

回复: Adware.Win32.AdPop.a这个病毒清除不了啊,救救我啊

etup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><TASKMAN.EXE>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tqat.exe]
    <IFEO[tqat.exe]><ntsd -d>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaSrv / C-DillaSrv][Running/Auto Start]
  <C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Lbkeybsc / Lbkeybsc][Running/Auto Start]
  <c:\lubansoft\lubankeyboard\Lbkeybsc.exe><>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
==================================
驱动程序
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[apcdli / apcdli][Running/Auto Start]
  <\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start]
  <System32\Drivers\cidcusb.sys><CIDC.>
[e62f5a205f48de19 / e62f5a205f48de19][Stopped/Manual Start]
  <\??\C:\e62f5a205f48de19.dat><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[IIS Manager  / IIS Manager ][Stopped/Manual Start]
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2008-08-27 18:14 | 短消息 资料
字号: 23楼

回复: Adware.Win32.AdPop.a这个病毒清除不了啊,救救我啊

楼上的,一年前的帖子你顶起来干啥!

有问题新开主题帖求助!日志请以附件方式上传!

本帖锁!
打酱油的……
gototop
 
<<上一主题|下一主题>>
123   3  /  3  页   跳转
页面顶部
Powered by Discuz!NT