紧急··高手来帮忙· - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛紧急··高手来帮忙·

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[求助] 紧急··高手来帮忙·

若水有贤初生襁褓狮帖子:20 注册: 2008-07-13 来自:	发表于： 2008-07-13 14:55 \| 只看楼主短消息资料字号：小中大 1楼紧急··高手来帮忙· 开机后，绿色小伞变成红色小伞，启动监控等，无反映，现日志如下··请高手说的细一点，，用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7) 附件: 文件名:SREngLOG.log 下载次数:90 文件类型:application/octet-stream 文件大小: 上传时间:2008-7-13 14:54:44 描述:log
若水有贤初生襁褓狮帖子:20 注册: 2008-07-13 来自:	分享到：

音符１２初生襁褓狮帖子:50 注册: 2008-07-12 来自:	发表于： 2008-07-13 15:30 \| 短消息资料字号：小中大 2楼回复：紧急··高手来帮忙· 不了解,顶个
音符１２初生襁褓狮帖子:50 注册: 2008-07-12 来自:

QQ凌帆飘泊而立狮帖子:587 注册: 2006-07-07 来自:四川成都	发表于： 2008-07-13 15:31 \| 短消息资料字号：小中大 3楼回复：紧急··高手来帮忙· 你的日记看了你中的毒不少啊 <IFEO[360rpt.exe]><ntsd -d> [N/A]这些就是导致你杀毒软件不能用的原因你先用SREng软件先去掉启动项目--注册表--删除IFEO开头的就能打开杀软了
QQ凌帆飘泊而立狮帖子:587 注册: 2006-07-07 来自:四川成都

bluebin 健康舞勺狮帖子:263 注册: 2008-07-04 来自:福建厦门	发表于： 2008-07-13 16:05 \| 短消息资料字号：小中大 4楼回复: 紧急··高手来帮忙· 断开网络删除以下注册表项目 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <HBmhly><"C:\WINDOWS\system32\HBmhly.exe" -r> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> [] <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll> [] <{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll> [] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> [] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll> [File is missing] <{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll> [] <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [] <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll> [] <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [File is missing] <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <cliconfgzx.dll><> [N/A] <dpvvoxmh.dll><> [N/A] <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll> [File is missing] <catsrvwl.dll><> [N/A] <adsntzt.dll><> [N/A] <ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll> [File is missing] <tscfgwmijxsj.dll><> [N/A] <midimappt><> [N/A] <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing] 删除以下驱动项目 [2gkf6 / 2gkf67][Running/Boot Start] <\SystemRoot\System32\DRIVERS\2gkf67.sys><> [9dcf4a6429e9a9fc / 9dcf4a6429e9a9fc][Stopped/Manual Start] <\??\C:\9dcf4a6429e9a9fc.dat><N/A> [bpqcxby / bpqcxby][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\bpqcxby.sys><N/A> [byoprxa / byoprxa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\byoprxa.sys><N/A> [cabyopr / cabyopr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cabyopr.sys><N/A> [cxbyqpr / cxbyqpr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cxbyqpr.sys><N/A> [cxyqr / cxyqr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cxyqr.sys><N/A> [hxgo6gtuz / hxgo6gtuz7][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\hxgo6gtuz7.sys><N/A> [kc1 / kc1w][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\kc1w.sys><N/A> [qrxabzp / qrxabzp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\qrxabzp.sys><N/A> [rxabzpc / rxabzpc][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\rxabzpc.sys><N/A> [turol / turol][Stopped/Manual Start] <\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\_tmp.bat><N/A> [xayzpqa / xayzpqa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\xayzpqa.sys><N/A> [xboqpxa / xboqpxa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\xboqpxa.sys><N/A> [ybpqcxb / ybpqcxb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ybpqcxb.sys><N/A> [ybzqcab / ybzqcab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ybzqcab.sys><N/A> [yqprayb / yqprayb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yqprayb.sys><N/A> [yzpqaxb / yzpqaxb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yzpqaxb.sys><N/A> [zpqaxbo / zpqaxbo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zpqaxbo.sys><N/A> [zpqcxbo / zpqcxbo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zpqcxbo.sys><N/A> [zqcab / zqcab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zqcab.sys><N/A> [zqcabyo / zqcabyo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zqcabyo.sys><N/A> [raybp / raybp][Running/Manual Start] <\??\C:\WINDOWS\system32\drivers\raybp.sys><N/A> [yqrab / yqrab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yqrab.sys><N/A> [pcxyq / pcxyq][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\pcxyq.sys><N/A> 清理注册表加载项 [] {74381DEC-D78B-43E4-BA5D-5244F669EBE4} <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys, N/A> [] {74381DEC-D78B-43E4-BA5D-5244F669EBE4} <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys, N/A> 删除以下项目 [C:\WINDOWS\system32\tdfhex.dll] [C:\WINDOWS\system32\wrqszl.dll] [C:\WINDOWS\system32\wyhesm.dll] [C:\WINDOWS\system32\zefdst.dll] [C:\WINDOWS\system32\rfdswc.dll] [C:\WINDOWS\system32\hhrdxd.dll] [C:\WINDOWS\system32\sgdewg.dll] [C:\WINDOWS\system32\ddserh.dll] [C:\WINDOWS\system32\fsrgeb.dll] [C:\WINDOWS\system32\mfdesy.dll] [C:\WINDOWS\system32\jfrwdh.dll] [C:\WINDOWS\system32\jggtsr.dll] [C:\WINDOWS\system32\tdggrz.dll] [C:\WINDOWS\system32\tdffdl.dll] [C:\WINDOWS\system32\pedadt.dll] [C:\WINDOWS\system32\jhfrxz.dll] [C:\WINDOWS\system32\dndsaf.dll] [C:\WINDOWS\system32\fmcvxy.dll] 下载附件清理被ifeo劫持项重启计算机使用清理助手清理联网升级杀毒软件全盘查杀附件: 文件名:清理临时文件.rar 下载次数:144 文件类型:application/octet-stream 文件大小: 上传时间:2008-7-13 16:04:36 描述:rar 附件: 文件名:机器狗&映像劫持修复工具.rar 下载次数:182 文件类型:application/octet-stream 文件大小: 上传时间:2008-7-13 16:04:36 描述:rar 机会是自己争取的。
bluebin 健康舞勺狮帖子:263 注册: 2008-07-04 来自:福建厦门

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2008-07-13 16:19 \| 短消息资料字号：小中大 5楼回复: 紧急··高手来帮忙· 下载工具： XDelBox下载：见附件 windows清理助手下载：http://www.arswp.com/download.html 临时文件清理工具下载：见附件 ——————————————————————————————————————— 务必断开网络连接后再进行以下操作（个人推荐直接把网线拔掉）； ——————————————————————————————————————— 开始--运行--输入C:\WINDOWS\system32\dllcache--回车，找到ctfmon.exe、wuauclt.exe这两个文件，复制，粘贴到C:\WINDOWS\system32目录下，如果有提示对话框请选择“替换”或“是”； ——————————————————————————————————————— 使用XDelBox删除以下文件：使用前一定拔掉所有移动存储设备，将下面文件列表内容完整复制，然后打开XDelBox，在“待删除文件列表”下方空白框处右键，选择“剪贴板导入不检查路径”，勾选上方的“抑制再生”、“驱动安全删除模式”、“备份文件”，最后选择右键菜单的“立刻重启删除”。 C:\WINDOWS\system32\cliconfgzx.dll C:\WINDOWS\system32\dpvvoxmh.dll C:\WINDOWS\system32\kbdswjr.dll C:\WINDOWS\system32\catsrvwl.dll C:\WINDOWS\system32\adsntzt.dll C:\WINDOWS\system32\ksuserfy.dll C:\WINDOWS\system32\tscfgwmijxsj.dll C:\WINDOWS\system32\midimappt.dll C:\WINDOWS\system32\msobjstl.dll C:\WINDOWS\system32\imgutilhx2.dll C:\WINDOWS\System32\DRIVERS\2gkf67.sys C:\9dcf4a6429e9a9fc.dat C:\WINDOWS\system32\drivers\bpqcxby.sys C:\WINDOWS\system32\drivers\byoprxa.sys C:\WINDOWS\system32\drivers\cabyopr.sys C:\WINDOWS\system32\drivers\cxbyqpr.sys C:\WINDOWS\system32\drivers\cxyqr.sys C:\WINDOWS\System32\DRIVERS\hxgo6gtuz7.sys C:\WINDOWS\System32\DRIVERS\kc1w.sys C:\WINDOWS\system32\drivers\pxyzqa.sys C:\WINDOWS\system32\drivers\qaxboqp.sys C:\WINDOWS\system32\drivers\qrxabzp.sys C:\WINDOWS\system32\drivers\rxabzpc.sys C:\DOCUME~1\Owner\LOCALS~1\Temp\_tmp.bat C:\WINDOWS\system32\drivers\xayzpqa.sys C:\WINDOWS\system32\drivers\xboqpxa.sys C:\WINDOWS\system32\drivers\ybpqcxb.sys C:\WINDOWS\system32\drivers\ybzqcab.sys C:\WINDOWS\system32\drivers\yqprayb.sys C:\WINDOWS\system32\drivers\yzpqaxb.sys C:\WINDOWS\system32\drivers\zpqaxbo.sys C:\WINDOWS\system32\drivers\zpqcxbo.sys C:\WINDOWS\system32\drivers\zqcab.sys C:\WINDOWS\system32\drivers\zqcabyo.sys C:\WINDOWS\system32\drivers\raybp.sys C:\WINDOWS\system32\drivers\yqrab.sys C:\WINDOWS\system32\drivers\pcxyq.sys C:\WINDOWS\system32\DRIVERS\HBKernel.sys C:\WINDOWS\system32\e620nnpj9s.dll C:\WINDOWS\system32\tdfhex.dll C:\WINDOWS\system32\wrqszl.dll C:\WINDOWS\system32\wyhesm.dll C:\WINDOWS\system32\zefdst.dll C:\WINDOWS\system32\rfdswc.dll C:\WINDOWS\system32\hhrdxd.dll C:\WINDOWS\system32\sgdewg.dll C:\WINDOWS\system32\ddserh.dll C:\WINDOWS\system32\fsrgeb.dll C:\WINDOWS\system32\mfdesy.dll C:\WINDOWS\system32\jfrwdh.dll C:\WINDOWS\system32\jggtsr.dll C:\WINDOWS\system32\tdggrz.dll C:\WINDOWS\system32\tdffdl.dll C:\WINDOWS\system32\pedadt.dll C:\WINDOWS\system32\jhfrxz.dll C:\WINDOWS\system32\dndsaf.dll C:\WINDOWS\system32\fmcvxy.dll C:\WINDOWS\system32\HBmhly.exe C:\Documents and Settings\All Users\「开始」菜单\程序\启动\self.bat ——————————————————————————————————————— 重启计算机后会看到一个请选择要启动的操作系统的提示，倒计时5秒，第一个选项是你自己的Windows系统，第二个选项是XDelBox的Go XDelBox To Del Files，默认自动选择第二项，会进入类似DOS的界面，这期间什么操作都不用做，等待它自动运行即可，待病毒文件删除后会自动重启进入Windows系统，然后再按以下步骤操作： ——————————————————————————————————————— 1、找到c:\windows\regedit.exe,重命名文件名为123.exe,双击改名后的这个文件，进入注册表编辑器，删除以下注册表值项： [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <HBmhly> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{DC3D30AE-0380-4151-8934-EE98A34B0370}> <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}> <{00170017-0017-0017-0017-00170017BB15}> <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}> <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}> <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}> <{461D2AB4-29A5-45C2-9134-D52272D3DE38}> <{A9895933-6636-4281-BC58-EE6DE2AF96E3}> <{841529CB-7F77-4B99-A895-B5441E0D302F}> <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}> <{7914E0AA-ECCB-4311-B584-C49538227824}> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <cliconfgzx.dll> <dpvvoxmh.dll> <kbdswjr.dll> <catsrvwl.dll> <adsntzt.dll> <ksuserfy.dll> <tscfgwmijxsj.dll> <midimappt> <msobjstl.dll> <imgutilhx2.dll> 2、运行SRENG扫描工具，启动项目--注册表，除了<IFEO[Your Image File Name Here without a path]>这项外，删除其他所有<IFEO[…….exe]>这样的红色显示的IFEO劫持项 ——————————————————————————————————————— 运行SRENG扫描工具，选择【启动项目】-【服务】-【驱动程序】，将以下项删除： [2gkf6 / 2gkf67] [9dcf4a6429e9a9fc / 9dcf4a6429e9a9fc] [bpqcxby / bpqcxby] [byoprxa / byoprxa] [cabyopr / cabyopr] [cxbyqpr / cxbyqpr] [cxyqr / cxyqr] [hxgo6gtuz / hxgo6gtuz7] [kc1 / kc1w] [pxyzqa / pxyzqa] [qaxboqp / qaxboqp] [qrxabzp / qrxabzp] [rxabzpc / rxabzpc] [turol / turol] [xayzpqa / xayzpqa] [xboqpxa / xboqpxa] [ybpqcxb / ybpqcxb] [ybzqcab / ybzqcab] [yqprayb / yqprayb] [yzpqaxb / yzpqaxb] [zpqaxbo / zpqaxbo] [zpqcxbo / zpqcxbo] [zqcab / zqcab] [zqcabyo / zqcabyo] [raybp / raybp] [yqrab / yqrab] [pcxyq / pcxyq] [HBKernel Driver / HBKernel] ——————————————————————————————————————— 重启电脑，运行“临时文件清理工具”，全选所有项目，点击【立即清理】； ——————————————————————————————————————— 操作完毕后，请卸载杀软，删除杀软安装目录，重装杀软，联网升级到最新版本，全盘杀毒。附件: 文件名:XDelBox 1[1].7支持奥运版.rar 下载次数:173 文件类型:application/octet-stream 文件大小: 上传时间:2008-7-13 16:19:13 描述:rar 附件: 文件名:临时文件清理工具.rar 下载次数:157 文件类型:application/octet-stream 文件大小: 上传时间:2008-7-13 16:19:13 描述:rar 超级游戏迷最后编辑于 2008-07-13 16:30:14 打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

豪斯登堡新郎社区嘉宾帖子:4234 注册: 2007-11-09 来自:	发表于： 2008-07-13 16:24 \| 短消息资料字号：小中大 6楼回复：紧急··高手来帮忙· [复制到剪贴板] CODE: 启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <HBmhly><"C:\WINDOWS\system32\HBmhly.exe" -r> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> [] <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll> [] <{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll> [] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> [] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll> [File is missing] <{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll> [] <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [] <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll> [] <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [File is missing] <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <cliconfgzx.dll><> [N/A] <dpvvoxmh.dll><> [N/A] <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll> [File is missing] <catsrvwl.dll><> [N/A] <adsntzt.dll><> [N/A] <ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll> [File is missing] <tscfgwmijxsj.dll><> [N/A] <midimappt><> [N/A] <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe] <IFEO[360rpt.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] <IFEO[360Safe.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] <IFEO[360tray.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] <IFEO[adam.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe] <IFEO[AgentSvr.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe] <IFEO[AntiArp.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe] <IFEO[AppSvc32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] <IFEO[autoruns.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] <IFEO[avconsol.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe] <IFEO[avgrssvc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe] <IFEO[AvMonitor.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] <IFEO[avp.com]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] <IFEO[avp.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe] <IFEO[CCenter.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe] <IFEO[ccSvcHst.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe] <IFEO[DrvAnti.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe] <IFEO[drwadins.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebscd.exe] <IFEO[drwebscd.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe] <IFEO[drwebupw.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] <IFEO[EGHOST.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe] <IFEO[FileDsty.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe] <IFEO[filemon.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe] <IFEO[FTCleanerShell.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe] <IFEO[FYFireWall.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe] <IFEO[GFRing3.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe] <IFEO[GFUpd.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe] <IFEO[GuardField.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe] <IFEO[HijackThis.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] <IFEO[IceSword.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] <IFEO[iparmo.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe] <IFEO[Iparmor.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe] <IFEO[isPwdSvc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] <IFEO[kabaload.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR] <IFEO[KaScrScn.SCR]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe] <IFEO[KASMain.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe] <IFEO[KASTask.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe] <IFEO[KAV32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe] <IFEO[KAVDX.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe] <IFEO[KAVPF.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe] <IFEO[KAVPFW.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe] <IFEO[KAVSetup.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe] <IFEO[KAVStart.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe] <IFEO[KISLnchr.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe] <IFEO[KMailMon.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe] <IFEO[KMFilter.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe] <IFEO[KPFW32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe] <IFEO[KPFW32X.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe] <IFEO[KPfwSvc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] <IFEO[KRegEx.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com] <IFEO[KRepair.com]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe] <IFEO[KsLoader.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp] <IFEO[KVCenter.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] <IFEO[KvDetect.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe] <IFEO[KvfwMcl.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] <IFEO[KVMonXP.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp] <IFEO[KVMonXP_1.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe] <IFEO[kvol.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe] <IFEO[kvolself.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp] <IFEO[KvReport.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp] <IFEO[KVScan.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe] <IFEO[KVSrvXP.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp] <IFEO[KVStub.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe] <IFEO[kvupload.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe] <IFEO[kvwsc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] <IFEO[KvXP.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp] <IFEO[KvXP_1.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe] <IFEO[KWatch.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe] <IFEO[KWatch9x.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe] <IFEO[KWatchX.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] <IFEO[MagicSet.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] <IFEO[mcconsol.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe] <IFEO[mmqczj.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] <IFEO[mmsk.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe] <IFEO[Navapsvc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe] <IFEO[Navapw32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] <IFEO[nod32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] <IFEO[nod32krn.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] <IFEO[nod32kui.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe] <IFEO[NPFMntor.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE] <IFEO[OllyDBG.EXE]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE] <IFEO[OllyICE.EXE]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] <IFEO[PFW.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] <IFEO[PFWLiveUpdate.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] <IFEO[procexp.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe] <IFEO[QHSET.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] <IFEO[QQDoctor.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe] <IFEO[QQDoctorMain.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe] <IFEO[QQKav.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] <IFEO[Ras.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravcopy.exe] <IFEO[ravcopy.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] <IFEO[RavMon.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe] <IFEO[RavMonD.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe] <IFEO[ravstub.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe] <IFEO[RavTask.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavXP.exe] <IFEO[RavXP.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe] <IFEO[RawCopy.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe] <IFEO[RegClean.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] <IFEO[regedit.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe] <IFEO[regmon.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe] <IFEO[RegTool.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe] <IFEO[rfwcfg.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe] <IFEO[rfwmain.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe] <IFEO[rfwProxy.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe] <IFEO[rfwsrv.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe] <IFEO[rfwstub.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe] <IFEO[RsAgent.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsaupd.exe] <IFEO[rsaupd.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] <IFEO[runiep.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe] <IFEO[safelive.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] <IFEO[scan32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe] <IFEO[SelfUpdate.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe] <IFEO[shcfg32.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe] <IFEO[SmartUp.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe] <IFEO[spiderml.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe] <IFEO[spidernt.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe] <IFEO[spiderui.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spml_set.exe] <IFEO[spml_set.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] <IFEO[SREng.EXE]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe] <IFEO[symlcsvc.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe] <IFEO[SysSafe.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] <IFEO[taskmgr.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe] <IFEO[TrojanDetector.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe] <IFEO[Trojanwall.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] <IFEO[TrojDie.kxp]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe] <IFEO[UIHost.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe] <IFEO[UmxAgent.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe] <IFEO[UmxAttachment.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe] <IFEO[UmxCfg.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe] <IFEO[UmxFwHlp.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe] <IFEO[UmxPol.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe] <IFEO[UpLive.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] <IFEO[vsstat.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] <IFEO[webscanx.exe]><ntsd -d> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] <IFEO[WoptiClean.exe]><ntsd -d> [N/A] ================================== 启动文件夹 [self] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\self.bat --> [File is missing]><N> ================================== ================================== 驱动程序 [2gkf6 / 2gkf67][Running/Boot Start] <\SystemRoot\System32\DRIVERS\2gkf67.sys><> [9dcf4a6429e9a9fc / 9dcf4a6429e9a9fc][Stopped/Manual Start] <\??\C:\9dcf4a6429e9a9fc.dat><N/A> [bpqcxby / bpqcxby][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\bpqcxby.sys><N/A> [byoprxa / byoprxa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\byoprxa.sys><N/A> [cabyopr / cabyopr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cabyopr.sys><N/A> [cxbyqpr / cxbyqpr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cxbyqpr.sys><N/A> [cxyqr / cxyqr][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\cxyqr.sys><N/A> [hxgo6gtuz / hxgo6gtuz7][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\hxgo6gtuz7.sys><N/A> [kc1 / kc1w][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\kc1w.sys><N/A> [pxyzqa / pxyzqa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\pxyzqa.sys><N/A> [qaxboqp / qaxboqp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\qaxboqp.sys><N/A> [qrxabzp / qrxabzp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\qrxabzp.sys><N/A> [rxabzpc / rxabzpc][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\rxabzpc.sys><N/A> [turol / turol][Stopped/Manual Start] <\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\_tmp.bat><N/A> [xayzpqa / xayzpqa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\xayzpqa.sys><N/A> [xboqpxa / xboqpxa][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\xboqpxa.sys><N/A> [ybpqcxb / ybpqcxb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ybpqcxb.sys><N/A> [ybzqcab / ybzqcab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ybzqcab.sys><N/A> [yqprayb / yqprayb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yqprayb.sys><N/A> [yzpqaxb / yzpqaxb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yzpqaxb.sys><N/A> [zpqaxbo / zpqaxbo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zpqaxbo.sys><N/A> [zpqcxbo / zpqcxbo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zpqcxbo.sys><N/A> [zqcab / zqcab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zqcab.sys><N/A> [zqcabyo / zqcabyo][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\zqcabyo.sys><N/A> [raybp / raybp][Running/Manual Start] <\??\C:\WINDOWS\system32\drivers\raybp.sys><N/A> [yqrab / yqrab][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\yqrab.sys><N/A> [pcxyq / pcxyq][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\pcxyq.sys><N/A> [HBKernel Driver / HBKernel][Running/Boot Start] <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A> ================================== 浏览器加载项 [] {74381DEC-D78B-43E4-BA5D-5244F669EBE4} <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys, N/A> [] {74381DEC-D78B-43E4-BA5D-5244F669EBE4} <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys, N/A> ================================== 正在运行的进程 [C:\WINDOWS\system32\mfdesy.dll] [N/A, ] [C:\WINDOWS\system32\sgdewg.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [C:\WINDOWS\system32\rfdswc.dll] [N/A, ] [C:\WINDOWS\system32\ddserh.dll] [N/A, ] [C:\WINDOWS\system32\jfrwdh.dll] [N/A, ] [C:\WINDOWS\system32\jhfrxz.dll] [N/A, ] [C:\WINDOWS\system32\fsrgeb.dll] [N/A, ] [C:\WINDOWS\system32\pedadt.dll] [N/A, ] [C:\WINDOWS\system32\wyhesm.dll] [N/A, ] [C:\WINDOWS\system32\tdggrz.dll] [N/A, ] [C:\WINDOWS\system32\zefdst.dll] [N/A, ] [C:\WINDOWS\system32\dndsaf.dll] [N/A, ] [C:\WINDOWS\system32\tdffdl.dll] [N/A, ] [C:\WINDOWS\system32\fmcvxy.dll] [N/A, ] [C:\WINDOWS\system32\jggtsr.dll] [N/A, ] [C:\WINDOWS\system32\wrqszl.dll] [N/A, ] [C:\WINDOWS\system32\tdfhex.dll] [N/A, ] [C:\WINDOWS\system32\e620nnpj9s.dll] [N/A, ] [PID: 304 / Owner][C:\WINDOWS\system32\ctfmon.exe] [N/A, ] [PID: 2804 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [N/A, ] [PID: 2976 / Owner][C:\WINDOWS\system32\HBmhly.exe] [N/A, ] ================================== 进程特权扫描特殊特权被允许： SeDebugPrivilege [PID = 304, C:\WINDOWS\SYSTEM32\CTFMON.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 420, C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\启动\SELF.BAT] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2804, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE] 特殊特权被允许： SeSystemtimePrivilege [PID = 2804, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2976, C:\WINDOWS\SYSTEM32\HBMHLY.EXE] ctfmon.exe 和 wuauclt.exe文件估计已经不正常去下载个正常的文件替换掉原本的注意替换文件时先在进程中结束对应进程不认识我没关系，因为我也不认识你。
豪斯登堡新郎社区嘉宾帖子:4234 注册: 2007-11-09 来自:

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2008-07-13 16:27 \| 短消息资料字号：小中大 7楼回复: 紧急··高手来帮忙· 请注意： 1、建议卸载杀软重装，不要偷懒； 2、操作完后，请立即到置顶帖打上flash漏洞补丁； 3、用杀软全盘杀毒前请不要运行任何可执行文件，之后暂时不要运行IE以外的任何可执行文件，怀疑此病毒有感染文件的功效，先忍一下吧。打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:	发表于： 2008-07-13 16:31 \| 短消息资料字号：小中大 8楼回复: 紧急··高手来帮忙· 浏览器加载项漏了，晕倒…… 打酱油的……
超级游戏迷卡卡技术团队帖子:25779 注册: 2007-01-14 来自:

若水有贤初生襁褓狮帖子:20 注册: 2008-07-13 来自:	发表于： 2008-07-13 16:53 \| 只看楼主短消息资料字号：小中大 9楼回复：紧急··高手来帮忙· 谢谢大家哦···问题完美解决了···谢谢瑞星···
若水有贤初生襁褓狮帖子:20 注册: 2008-07-13 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT