瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

1   1  /  1  页   跳转

[求助] 中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

收藏
black1111
头像
初生襁褓狮
  • 帖子:44
  • 注册: 2006-10-21
  • 来自:
发表于: 2009-01-06 22:25 | 只看楼主 短消息 资料
字号: 1楼

中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

看到有anyone360.exe木马,
高手再帮看看日志!
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wxClient><C:\WINDOWS\system32\Clsmn.exe>  []
    <Startwd><rundll32.exe C:\WINDOWS\system32\wd1231.dll,Hook>  []
    <HBService32><System.exe>  [HB Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <WIAWizardMenu><RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Alcmtr><anyone360.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\riigm.bat,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBZHUXIAN.dll,HBWOW.dll,HBKDXY.dll,HBCHIBI.dll,mgijopgl.dll,niljachi.dll,lidbodac.dll,HBSO2.dll,oeoanbfa.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><C:\WINDOWS\system32\LogUser.dll>  []
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{5A041F13-A111-12A4-B0CF-F99818AA68A5}><C:\WINDOWS\system32\artlbbdll.dll>  []
    <{5A041F13-A111-12B3-B0CF-F99818AA68A5}><C:\WINDOWS\system32\arjxsjdll.dll>  []
    <{60238905-B573-4F05-A35F-298518F4EBD2}><C:\WINDOWS\system32\mgijopgl.dll>  []
<{7253AC12-39C3-4A36-89E5-F4134A1D9536}><C:\WINDOWS\system32\niljachi.dll>  []
    <{52DB8DAC-95E2-422D-A43F-8618DF5E0A5F}><C:\WINDOWS\system32\lidbodac.dll>  []
    <{8E8A7BFA-1658-471F-8728-649435007520}><C:\WINDOWS\system32\oeoanbfa.dll>  []
    <{E272EA87-B798-41A7-BEC2-EA47162995CC}><C:\Program Files\Internet Explorer\JnoomNt64.x86>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <60238905><C:\WINDOWS\system32\mgijopgl.dll>  []
    <7253AC12><C:\WINDOWS\system32\niljachi.dll>  []
    <52DB8DAC><C:\WINDOWS\system32\lidbodac.dll>  []
    <8E8A7BFA><C:\WINDOWS\system32\oeoanbfa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.exe]
    <IFEO[ACKWIN32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.exe]
    <IFEO[ANTI-TROJAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti.exe]
    <IFEO[anti.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivir.exe]
    <IFEO[antivir.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atrack.exe]
    <IFEO[atrack.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.exe]
    <IFEO[AUTODOWN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe]
    <IFEO[AVCONSOL.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.exe]
    <IFEO[AVE32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.exe]
    <IFEO[AVGCTRL.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avk.exe]
    <IFEO[avk.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.exe]
    <IFEO[AVKSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.exe]
    <IFEO[AVPUPD.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.exe]
    <IFEO[AVSCHED32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe]
    <IFEO[avsynmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.exe]
    <IFEO[AVWIN95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxonsol.exe]
    <IFEO[avxonsol.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.exe]
    <IFEO[BLACKD.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.exe]
    <IFEO[BLACKICE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.exe]
    <IFEO[CFIADMIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.exe]
    <IFEO[CFIAUDIT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIND.exe]
    <IFEO[CFIND.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe]
    <IFEO[cfinet.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe]
    <IFEO[cfinet32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.exe]
    <IFEO[CLAW95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CT.exe]
    <IFEO[CLAW95CT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.exe]
    <IFEO[CLEANER.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.exe]
    <IFEO[CLEANER3.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DAVPFW.exe]
    <IFEO[DAVPFW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dbg.exe]
    <IFEO[dbg.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\debu.exe]
    <IFEO[debu.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95.exe]
    <IFEO[DV95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95_O.exe]
    <IFEO[DV95_O.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.exe]
    <IFEO[DVP95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.exe]
    <IFEO[ECENGINE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EFINET32.exe]
  ptions\explorewclass.exe]

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
分享到:
gototop
 
black1111
头像
初生襁褓狮
  • 帖子:44
  • 注册: 2006-10-21
  • 来自:
发表于: 2009-01-06 22:27 | 只看楼主 短消息 资料
字号: 2楼

回复:中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

<IFEO[explorewclass.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.exe]
    <IFEO[F-AGNT95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.exe]
    <IFEO[F-PROT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe]
    <IFEO[f-prot95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe]
    <IFEO[f-stopw.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.exe]
    <IFEO[FINDVIRU.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fir.exe]
    <IFEO[fir.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe]
    <IFEO[fp-win.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.exe]
    <IFEO[FRW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.exe]
    <IFEO[IAMAPP.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.exe]
    <IFEO[IAMSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.exe]
    <IFEO[IBMASN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.exe]
    <IFEO[IBMAVSP.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ice.exe]
    <IFEO[ice.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.exe]
    <IFEO[ICLOAD95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.exe]
    <IFEO[ICLOADNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMOON.exe]
    <IFEO[ICMOON.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSSUPPNT.exe]
    <IFEO[ICSSUPPNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iom.exe]
    <IFEO[iom.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe]
    <IFEO[iomon98.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JED.exe]
    <IFEO[JED.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kabackreport.exe]
    <IFEO[Kabackreport.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kasmain.exe]
    <IFEO[Kasmain.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
    <IFEO[kav32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
    <IFEO[kpfwsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRF.exe]
    <IFEO[KRF.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVPreScan.exe]
    <IFEO[KVPreScan.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
    <IFEO[kwatch.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lamapp.exe]
    <IFEO[lamapp.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe]
    <IFEO[lockdown2000.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.exe]
    <IFEO[LOOKOUT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe]
gototop
 
black1111
头像
初生襁褓狮
  • 帖子:44
  • 注册: 2006-10-21
  • 来自:
发表于: 2009-01-06 22:27 | 只看楼主 短消息 资料
字号: 3楼

回复:中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

<IFEO[luall.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUCOMSERVER.exe]
    <IFEO[LUCOMSERVER.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcafee.exe]
    <IFEO[mcafee.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoft.exe]
    <IFEO[microsoft.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mon.exe]
    <IFEO[mon.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moniker.exe]
    <IFEO[moniker.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.exe]
    <IFEO[MOOLIVE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.exe]
    <IFEO[MPFTRAY.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ms.exe]
    <IFEO[ms.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32ACAN.exe]
    <IFEO[N32ACAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
    <IFEO[navapsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
    <IFEO[navapw32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.exe]
    <IFEO[NAVLU32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe]
    <IFEO[NAVNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe]
    <IFEO[navrunr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSCHED.exe]
    <IFEO[NAVSCHED.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW.exe]
    <IFEO[NAVW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.exe]
    <IFEO[NAVW32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe]
    <IFEO[navwnt.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe]
    <IFEO[nisserv.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe]
    <IFEO[nisum.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMAIN.exe]
    <IFEO[NMAIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.exe]
    <IFEO[NORMIST.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton.exe]
    <IFEO[norton.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.exe]
    <IFEO[NUPGRADE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.exe]
    <IFEO[NVC95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTPOST.exe]
    <IFEO[OUTPOST.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PADMIN.exe]
    <IFEO[PADMIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.exe]
    <IFEO[PAVCL.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc.exe]
    <IFEO[pcc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCClient.exe]
    <IFEO[PCCClient.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe]
    <IFEO[pccguide.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe]
    <IFEO[pcciomon.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe]
    <IFEO[pccmain.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe]
    <IFEO[pccwin98.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.exe]
    <IFEO[PCFWALLICON.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.exe]
    <IFEO[PERSFW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PpPpWallRun.exe]
    <IFEO[PpPpWallRun.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\program.exe]
    <IFEO[program.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prot.exe]
    <IFEO[prot.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe]
    <IFEO[pview95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
    <IFEO[ras.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.exe]
    <IFEO[RAV7.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe]
    <IFEO[rav7win.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
gototop
 
black1111
头像
初生襁褓狮
  • 帖子:44
  • 注册: 2006-10-21
  • 来自:
发表于: 2009-01-06 22:27 | 只看楼主 短消息 资料
字号: 4楼

回复:中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

<IFEO[RavMon.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
    <IFEO[regedit.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe]
    <IFEO[rescue32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfw.exe]
    <IFEO[Rfw.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rn.exe]
    <IFEO[rn.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe]
    <IFEO[safeweb.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe]
    <IFEO[scam32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan.exe]
    <IFEO[scan.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe]
    <IFEO[SCAN32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.exe]
    <IFEO[SCANPM.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scon.exe]
    <IFEO[scon.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.exe]
    <IFEO[SCRSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secu.exe]
    <IFEO[secu.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.exe]
    <IFEO[SERV95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sirc32.exe]
    <IFEO[sirc32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.exe]
    <IFEO[SMC.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smtpsvc.exe]
    <IFEO[smtpsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.exe]
    <IFEO[SPHINX.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spy.exe]
    <IFEO[spy.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe]
    <IFEO[sreng.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.exe]
    <IFEO[SWEEP95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe]
    <IFEO[symproxysvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.exe]
    <IFEO[TBSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.exe]
    <IFEO[TCA.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.exe]
    <IFEO[TDS2-98.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.exe]
    <IFEO[TDS2-NT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tmntsrv.exe]
    <IFEO[Tmntsrv.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMOAgent.exe]
    <IFEO[TMOAgent.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmproxy.exe]
    <IFEO[tmproxy.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmupdito.exe]
    <IFEO[tmupdito.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe]
    <IFEO[TSC.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UlibCfg.exe]
    <IFEO[UlibCfg.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vavrunr.exe]
    <IFEO[vavrunr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.exe]
    <IFEO[VET95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.exe]
    <IFEO[VETTRAY.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir.exe]
    <IFEO[vir.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe]
    <IFEO[VPC32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.exe]
    <IFEO[VSECOMR.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe]
    <IFEO[vshwin32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSCAN40]
    <IFEO[VSSCAN40]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
    <IFEO[vsstat.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCAN.exe]
    <IFEO[WEBSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.exe]
    <IFEO[WEBSCANX.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe]
    <IFEO[webtrap.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.exe]
    <IFEO[WFINDV32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows优化大师.exe]
    <IFEO[windows优化大师.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe]
    <IFEO[wink.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XDelbox.exe]
    <IFEO[XDelbox.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
    <IFEO[zonealarm.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[Configure]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Configure.lnk --> C:\PROGRA~1\Intel\INTELP~1\HDGuard\CONFIG~1.EXE [Intel]><N>
[INTERNAT]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\INTERNAT.lnk --> C:\WINDOWS\system32\internat.exe [Microsoft Corporation]><N>
[QSGv2]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QSGv2.lnk --> F:\病毒免疫\QSGv2.exe [N/A]><N>
[run]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\run.lnk --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYPICT~1\run.vbs [N/A]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Intel(R)PAT Content and Service Management Client / csmcs][Running/Auto Start]
  <"C:\Program Files\Intel\IntelPAT\CSM\Client\vapcs32.exe"><Intel Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Hard Disk Guard Service / HDGuardSrv][Running/Auto Start]
  <C:\Program Files\Intel\Intel Platform Administrator Client\HDGuard\hdsrv.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Intel(R) Platform Administrator Client - OS Client Service / OS Client Service][Running/Auto Start]
  <C:\Program Files\Intel\Intel Platform Administrator Client\Service\OSAgent.exe><Intel>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><N/A>
[Task Scheduler / Schedule][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\schedsvc.dll><N/A>
[Sicent Network File Synchronization / sicentnetsync][Running/Auto Start]
  <C:\WINDOWS\system32\wxsyncli.exe><成都吉胜科技有限公司>
[SigmaTel Audio Service / STacSV][Running/Auto Start]
  <C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe><SigmaTel, Inc.>
[Windows Image Acquisition (WIA) / stisvc][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><N/A>
[Remote Control Server / WinVNC4][Stopped/Manual Start]
  <"C:\WINDOWS\system32\rmserver.exe" -service><>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[adsight / adsight][Running/Manual Start]
  <System32\DRIVERS\adsight.sys><Intel Corporation>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[GGG Service / GGGService][Running/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\qsgv2.sys><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HardDisk guard driver / hdguard][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hdguard.sys><Intel>
[IGALIVE / IGALIVE][Running/Auto Start]
  <\??\C:\Program Files\IGALIVE\IGALIVE.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[qsg / qsg][Running/System Start]
  <system32\DRIVERS\qsg.sys><N/A>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sonic Focus Plugin for Sigmatel HDA / sfng32][Running/Manual Start]
  <system32\drivers\sfng32.sys><Sonic Focus, Inc>
[SmiTrig / SmiTrig][Running/System Start]
  <System32\drivers\SmiTrig.sys><N/A>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TQANTISYS / TQANTISYS][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\TQANTISYS.SYS><天晴数码娱乐公司>
[TQAT_Hooker By FZH / TQAT][Stopped/Manual Start]
gototop
 
black1111
头像
初生襁褓狮
  • 帖子:44
  • 注册: 2006-10-21
  • 来自:
发表于: 2009-01-06 22:28 | 只看楼主 短消息 资料
字号: 5楼

回复:中病毒,杀毒软件被强行关闭,无法打开,盗QQ等

<\??\E:\魔域\TQAT\tqat.sys><N/A>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[Intel (R) PAT CSM Anti Hacker Driver 1.0 / vapah32][Running/System Start]
  <system32\DRIVERS\vapah32.sys><N/A>
[Intel (R) PAT CSM Disk Guard Driver 1.0 / vapdg32][Running/System Start]
  <system32\DRIVERS\vapdg32.sys><N/A>
[VIMICRO USB PC Camera VC0305 / ZSMC0305][Stopped/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>
[NsDlRK250 / NsDlRK250][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Nskhelper2.sys><N/A>
[NsPsDk00 / NsPsDk00][Running/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass0.sys><N/A>
[NsPsDk01 / NsPsDk01][Running/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass1.sys><N/A>
[NsPsDk02 / NsPsDk02][Running/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass2.sys><N/A>
[NsPsDk03 / NsPsDk03][Running/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass3.sys><N/A>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
==================================
浏览器加载项
[Info cache]
  {295AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\baiduc.dll, Syons.Fae>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[]
  {5A041F13-A111-12A4-B0CF-F99818AA68A5} <C:\WINDOWS\system32\artlbbdll.dll, N/A>
[]
  {5A041F13-A111-12B3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\arjxsjdll.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {E272EA87-B798-41A7-BEC2-EA47162995CC} <C:\Program Files\Internet Explorer\JnoomNt64.x86, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[Info cache]
  {295AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\baiduc.dll, Syons.Fae>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[]
  {5A041F13-A111-12A4-B0CF-F99818AA68A5} <C:\WINDOWS\system32\artlbbdll.dll, N/A>
[]
  {5A041F13-A111-12B3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\arjxsjdll.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 588][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\LogUser.dll]  [, 1.0.0.2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\anyone360.dll]  [N/A, ]
[PID: 972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
[PID: 1060][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\sh05015.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh09025.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh14039.dll]  [N/A, ]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh28014.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh27019.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh22024.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh02015.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh07004.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh19031.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh08024.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\artlbbdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh12016.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh24021.dll]  [N/A, ]
    [C:\WINDOWS\system32\anyone360.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\arjxsjdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
    [C:\WINDOWS\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 6, 0, 0]
    [C:\WINDOWS\system32\WbCodeU.dll]  [, 2, 6, 0, 0]
    [C:\WINDOWS\system32\winabc.ime]  [PKUETI, 5.22.216]
[PID: 1536][C:\WINDOWS\system32\Clsmn.exe]  [, 16.3.12.611]
    [C:\WINDOWS\system32\RegCode.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 1588][C:\Program Files\Intel\Intel Platform Administrator Client\HDGuard\Configure.exe]  [Intel, 1.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Intel\Intel Platform Administrator Client\HDGuard\Configure2CHN.dll]  [Intel, 1.0.0.1]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 1604][C:\WINDOWS\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 1632][C:\Program Files\Intel\IntelPAT\CSM\Client\vapcs32.exe]  [Intel Corporation, 1.2.2.548]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\ACE.dll]  [, 5.5.1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\vapdbw32.dll]  [Intel Corporation, 1.2.2.548]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\vaplbs32.dll]  [Intel Corporation, 1.2.2.548]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\vaplcr32.dll]  [Intel Corporation, 1.2.2.548]
    [C:\Program Files\Intel\IntelPAT\CSM\Client\vapfms32.dll]  [Intel Corporation, 1.2.2.548]
[PID: 1840][C:\Program Files\Intel\Intel Platform Administrator Client\HDGuard\hdsrv.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 140][C:\Program Files\Intel\Intel Platform Administrator Client\Service\OSAgent.exe]  [Intel, 2.0.2.180]
    [C:\Program Files\Intel\Intel Platform Administrator Client\Service\GetEfiVar.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Intel\Intel Platform Administrator Client\ASF\ASFCfgsv.dll]  [Intel Corporation, 4.2.6.0]
    [C:\Program Files\Intel\Intel Platform Administrator Client\Service\OSAgentPlugin.dll]  [N/A, ]
[PID: 180][C:\WINDOWS\system32\wxsyncli.exe]  [成都吉胜科技有限公司, 1.0.1.259]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 304][C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe]  [SigmaTel, Inc., 1.0.4866.0  nd365 cp1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4866.0  nd365 cp1]
[PID: 316][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wiaservc.dll]  [N/A, ]
[PID: 1404][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 728][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 2196][C:\WINDOWS\system32\System.exe]  [HB Software, 1, 2, 1, 1007]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
[PID: 3352][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 1648][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 2084][C:\WINDOWS\TEMP\293718.txt]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
[PID: 2276][C:\Documents and Settings\Administrator\桌面\已释放的2[1].7.0.1210\释放的2.7.0.1210.exe]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\mgijopgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\niljachi.dll]  [N/A, ]
    [C:\WINDOWS\system32\lidbodac.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\oeoanbfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\wd1231.dll]  [N/A, ]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\JnoomNt64.x86]  [N/A, ]
最后编辑black1111 最后编辑于 2009-01-06 22:29:58
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT