【求助】这毒怎么杀啊救命啊 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】这毒怎么杀啊救命啊

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】这毒怎么杀啊救命啊

clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	发表于： 2007-07-26 00:57 \| 只看楼主短消息资料字号：小中大 1楼【求助】这毒怎么杀啊救命啊最近中了个毒只要点EXE文件就出一个1.ii的文件弄的很多东西都不能用了这个毒怎么杀呢郁闷死了 [CODE] 2007-07-26,00:38:24 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <DAEMON Tools><"D:\工具\4.09虚拟光驱\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <switch><c:\windows\system32\壁纸自动换.exe> [] <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."] <SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <ShStatEXE><"D:\工具\卖咖啡\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.] <McAfeeUpdaterUI><"D:\工具\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.] <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.] <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 2007-07-26 11:24:43
clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	分享到：

clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	发表于： 2007-07-26 01:03 \| 只看楼主短消息资料字号：小中大 2楼服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [McAfee Framework 服务 / McAfeeFramework][Running/Auto Start] <D:\工具\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.> [Network Associates McShield / McShield][Paused/Auto Start] <"D:\工具\卖咖啡\Mcshield.exe"><Network Associates, Inc.> [Network Associates Task Manager / McTaskManager][Running/Auto Start] <"D:\工具\卖咖啡\VsTskMgr.exe"><Network Associates, Inc.> [Win32 Debug Service / MSDebugsvc][Stopped/Auto Start] <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation> [Remote Debug Service / RemoteDbg][Stopped/Auto Start] <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation> [易玩通 / 易玩通][Stopped/Auto Start] <><N/A> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [AliIde / AliIde][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.> [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start] <System32\DRIVERS\amdk8.sys><Advanced Micro Devices> [ati2mtag / ati2mtag][Running/Manual Start] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.> [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.> [BdGuard / BdGuard][Running/Boot Start] <\SystemRoot\system32\drivers\BDGuard.SYS><> [CmdIde / CmdIde][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.> [CnsMinKP / CnsMinKP][Running/Boot Start] <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件（北京）有限公司> [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.> [NaiAvFilter1 / NaiAvFilter1][Running/Manual Start] <system32\drivers\naiavf5x.sys><Network Associates, Inc.> [NaiAvTdi1 / NaiAvTdi1][Running/System Start] <system32\drivers\mvstdi5x.sys><Network Associates, Inc.> [ngsbogog / ngsbogog][Running/Boot Start] <\SystemRoot\\SystemRoot\System32\drivers\ngsbogog.sys><N/A> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.> [nv / nv][Stopped/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [NVATABUS / NVATABUS][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> [R2A / R2A][Stopped/Disabled] <\??\C:\WINDOWS\system32a2.sys><N/A> [EntDrv51 / EntDrv51][Running/Manual Start] <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc> ================================== 浏览器加载项 [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BT\BitComet\tools\BitCometBHO.dll, BitComet> [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, 国风因特软件（北京）有限公司> [Yahoo 3.5G电邮] {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A> [名品折扣] {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A> [雅虎助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A> [雅虎WIDGET] {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A> [情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A> [IE搜索工具条] {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A> [百度超级搜霸] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BT\BitComet\tools\BitCometBHO.dll, BitComet> [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [AutoLive] {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 国风因特软件（北京）有限公司> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [百度超级搜霸] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [IE搜索工具条] {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A> [CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, 国风因特软件（北京）有限公司> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.> [SrchHook Class] {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A> [&使用BitComet下载] <res://D:\工具\BT\BitComet\BitComet.exe/AddLink.htm, N/A> [&使用BitComet下载全部链接] <res://D:\工具\BT\BitComet\BitComet.exe/AddAllLink.htm, N/A> [&使用BitComet下载本页视频] <res://D:\工具\BT\BitComet\BitComet.exe/AddVideo.htm, N/A> [使用迅雷下载] <C:\Program Files\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下载全部链接] <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A> [导出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:

clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	发表于： 2007-07-26 01:06 \| 只看楼主短消息资料字号：小中大 3楼 ================================== 正在运行的进程 [PID: 516 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 604 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 652 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 664 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 816 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504] [PID: 828 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 912 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 988 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)] [PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 1080 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504] [C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146] [PID: 1220 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 1384 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\DOWNLO~1\cnshook.dll] [国风因特软件（北京）有限公司, 2.5.1.6] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [D:\工具\卖咖啡\shext.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [D:\工具\BT\BitComet\tools\BitCometBHO.dll] [BitComet, 20061129] [C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 144] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 1492 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 1688 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [国风因特软件（北京）有限公司, 2.5.0.5] [C:\WINDOWS\DOWNLO~1\cnsio.dll] [国风因特软件（北京）有限公司, 2.5.0.4] [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll] [国风因特软件（北京）有限公司, 2.5.0.4] [PID: 292 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 368 / SYSTEM][D:\工具\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\applib.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\Logging.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\naInet.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\Management.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\cmalib.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\PsApi.dll] [Microsoft Corporation, 4.00] [D:\工具\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\TCSubSys.dll] [Network Associates, Inc., 3.5.0.412] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 452 / SYSTEM][D:\工具\卖咖啡\Mcshield.exe] [Network Associates, Inc., 8.0.0.251] [D:\工具\卖咖啡\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251] [D:\工具\卖咖啡\FTL.Dll] [Network Associates, Inc., 8.0.0.135] [D:\工具\卖咖啡\naiann.dll] [Network Associates, Inc., 8.0.0.251] [D:\工具\卖咖啡\mytilus.dll] [Network Associates, Inc., 8.0.0.251] [D:\工具\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\卖咖啡\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342] [D:\工具\卖咖啡\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342] [D:\工具\卖咖啡\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251] [D:\工具\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\卖咖啡\EntSrv.Dll] [Network Associates, Inc, 8.0.0.277] [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9841.0] [PID: 504 / SYSTEM][D:\工具\COMMON~1\naPrdMgr.exe] [Network Associates, Inc., 3.5.0.412] [D:\工具\COMMON~1\nailog.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\COMMON~1\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\COMMON~1\naXML.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\COMMON~1\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\卖咖啡\VsPlugin.dll] [Network Associates, Inc., 8.0.0.912] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [PID: 560 / SYSTEM][C:\WINDOWS\system\internat.exe] [N/A, ] [PID: 540 / SYSTEM][D:\工具\卖咖啡\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\naiwmain.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\naicondl.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\MIDUtil.Dll] [McAfee, Inc., 8.0.0.152] [PID: 1796 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [PID: 1556 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 52]
clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:

clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	发表于： 2007-07-26 01:06 \| 只看楼主短消息资料字号：小中大 4楼 [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [PID: 1580 / Administrator][D:\工具\卖咖啡\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\naiwmain.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251] [D:\工具\卖咖啡\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912] [D:\工具\卖咖啡\Graphics.dll] [Network Associates, Inc., 8.0.0.912] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [PID: 1612 / Administrator][D:\工具\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474] [D:\工具\Common Framework\0804\UpdRes.dll] [Network Associates, Inc., 3.5.0.412] [D:\工具\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [D:\工具\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412] [PID: 1764 / Administrator][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [PID: 2072 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2172 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [PID: 2188 / Administrator][D:\工具\4.09虚拟光驱\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.09.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.09.1.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.02.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.22.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0] [D:\工具\4.09虚拟光驱\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [PID: 3408 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)] [C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)] [PID: 1972 / Administrator][D:\工具\傲游\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 2, 1360] [D:\工具\傲游\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 50] [D:\工具\傲游\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 119] [D:\工具\傲游\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 3356] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [D:\工具\傲游\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 200] [D:\工具\傲游\Maxthon2\maxzlib.dll] [, 1.2.3] [D:\工具\傲游\Maxthon2\mxtool.dll] [, 1, 0, 0, 1] [D:\工具\傲游\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 62] [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9841.0] [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510] [D:\工具\卖咖啡\scriptproxy.dll] [Network Associates, Inc., 8.0.0.955] [D:\工具\卖咖啡\mytilus.dll] [Network Associates, Inc., 8.0.0.251] [D:\工具\卖咖啡\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251] [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22] [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950] [PID: 176 / Administrator][D:\工具\1.ii\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件（北京）有限公司, 2.5.1.0] [D:\工具\1.ii\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [C:\] [AutoRun] OPEN=setup.exe shellexecute=setup.exe shell\打开(&O)\command=setup.exe [D:\] [AutoRun] OPEN=setup.exe shellexecute=setup.exe shell\打开(&O)\command=setup.exe [E:\] [AutoRun] OPEN=setup.exe shellexecute=setup.exe shell\打开(&O)\command=setup.exe [F:\] [AutoRun] OPEN=setup.exe shellexecute=setup.exe shell\打开(&O)\command=setup.exe ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeDebugPrivilege [PID = 1580, D:\工具\卖咖啡\SHSTAT.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1580, D:\工具\卖咖啡\SHSTAT.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1612, D:\工具\COMMON FRAMEWORK\UPDATERUI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1612, D:\工具\COMMON FRAMEWORK\UPDATERUI.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1764, C:\PROGRAM FILES\COMMON FILES\NETWORK ASSOCIATES\TALKBACK\TBMON.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1764, C:\PROGRAM FILES\COMMON FILES\NETWORK ASSOCIATES\TALKBACK\TBMON.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1972, D:\工具\傲游\MAXTHON2\MAXTHON.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1972, D:\工具\傲游\MAXTHON2\MAXTHON.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]
clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:

clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:	发表于： 2007-07-26 11:13 \| 只看楼主短消息资料字号：小中大 5楼 HELP~~~~~
clf1988886 初生襁褓狮帖子:5 注册: 2007-07-26 来自:

对牛弹琴初生襁褓狮帖子:31 注册: 2006-06-17 来自:	发表于： 2007-07-26 11:35 \| 短消息资料字号：小中大 6楼我现在是瑞星和360都开着，也没有发现什么问题呀？各们高手帮忙看看是怎么回事呀、谢谢了
对牛弹琴初生襁褓狮帖子:31 注册: 2006-06-17 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT