【求助】qq.exe总是被自动删除 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】qq.exe总是被自动删除

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

【求助】qq.exe总是被自动删除

jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:	发表于： 2007-07-27 20:28 \| 只看楼主短消息资料字号：小中大 11楼 ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.> [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [PowerList Control] {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\WINDOWS\DOWNLO~1\POWERL~1.OCX, PPStream.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.> [Vod Class] {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD> [Vod Class] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei> [使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [导出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [添加到QQ表情] <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> ================================== 正在运行的进程 [PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [PID: 752 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [PID: 1048 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [PID: 1132 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [PID: 1204 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [PID: 1404 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 1496 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [PID: 1676 / SYSTEM][C:\WINDOWS\ATKKBService.exe] [ASUSTeK COMPUTER INC., 1, 0, 0, 0] [C:\WINDOWS\system32\jzcpri.dll] [N/A, ] [PID: 1884 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7124] [C:\WINDOWS\System32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7124] [PID: 2000 / yakee][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9] [PID: 1740 / yakee][C:\WINDOWS\System32\winamp.exe] [N/A, ] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [PID: 944 / yakee][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [PID: 1992 / yakee][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\System32\JPWB.IME] [常诚研制, 4.00.950] [PID: 1024 / yakee][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] [PID: 1352 / yakee][C:\Documents and Settings\yakee\桌面\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\System32\jzcpri.dll] [N/A, ] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\WINAMP.EXE] ================================== API HOOK N/A ================================== 隐藏进程 [1708] C:\WINDOWS\wuaurpl.exe [/CODE]
jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:

jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:	发表于： 2007-07-27 20:28 \| 只看楼主短消息资料字号：小中大 12楼辛苦各位大大了
jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:

gwlucker 快乐黄口狮帖子:202 注册: 2006-10-06 来自:	发表于： 2007-07-27 20:42 \| 短消息资料字号：小中大 13楼尝试删除以下东西(仅供参考...)能在SRENG里删的在里面删,不能的用冰刃删 <mClubclient.exe><C:\WINDOWS\System32\mClubclient.exe> [N/A] <flivnlg><; C:\Program Files\Common Files\Microsoft Shared\snladeb.exe> [N/A] <RavTask><; > [N/A] <Application Layer Gateway Service><C:\WINDOWS\System32\algs.exe> [N/A] <Winamp Agent><C:\WINDOWS\System32\winamp.exe> [] <wosa><C:\DOCUME~1\yakee\LOCALS~1\Temp\woso.exe> [N/A] <ztsa><C:\DOCUME~1\yakee\LOCALS~1\Temp\ztso.exe> [N/A] <rxsa><C:\DOCUME~1\yakee\LOCALS~1\Temp\rxso.exe> [N/A] <tlsa><C:\DOCUME~1\yakee\LOCALS~1\Temp\tlso.exe> [N/A] <zxsa><C:\DOCUME~1\yakee\LOCALS~1\Temp\zxso.exe> [N/A] <wlsa><C:\DOCUME~1\yakee\LOCALS~1\Temp\wlso.exe> [N/A] <wuaurpl><C:\WINDOWS\wuaurpl.exe> [Microsoft? Windows Defender 32Bit Driver] <Advanced DHTML Enable><; > [N/A] <Microsoft Internet Explorer><; > [N/A] <nlotveg><; > [N/A] <AppInit_DLLs><jzcpri.dll> [] <{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll> [] <{613AF41A-21B1-131B-1BFC-D2A90DF4A2B6}><C:\WINDOWS\System32\xyepri.dll> [] <{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\Kvsc32.dll> [N/A] <{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\System32\wdbpri.dll> [N/A] <{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll> [N/A] <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll> [N/A] <{259AFD5B-159F-ACD8-954C-ACD545FA6582}><C:\WINDOWS\System32\jzbpri.dll> [] <{359AFD5B-159F-ACD8-954C-ACD545FA6583}><C:\WINDOWS\System32\jzcpri.dll> [] 停止以下服务 [Local Service / Local Service][Running/Auto Start] <"C:\WINDOWS\wuaurpl.exe"><Microsoft? Windows Defender 32Bit Driver> [WMI Performance API / WMIApiSrv][Stopped/Auto Start] <C:\WINDOWS\System32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation> 删除[C:\WINDOWS\System32\jzcpri.dll] [N/A, ] C:\WINDOWS\SYSTEM32\WINAMP.EXE C:\WINDOWS\wuaurpl.exe 更新病毒库,安全模式下全盘杀毒
gwlucker 快乐黄口狮帖子:202 注册: 2006-10-06 来自:

jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:	发表于： 2007-07-28 09:28 \| 只看楼主短消息资料字号：小中大 14楼按照楼上大哥的方法尝试了好像不行特别是sreng发现的<AppInit_DLLs><jzcpri.dll> [] 无法删除即使是冰刀删除并安全模式全盘杀毒后仍然会自动生成我有没有其他能做的啊？
jimhot 初生襁褓狮帖子:22 注册: 2007-07-27 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT