【求助】这几天老中同一个木马，求解决方法 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】这几天老中同一个木马，求解决方法

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】这几天老中同一个木马，求解决方法

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 12:29 \| 显示全部短消息资料字号：小中大 1楼【求助】这几天老中同一个木马，求解决方法木马程序 Trojan-PSW.Win32.Nilage.awa运行模块: rundll32.exe\rundll32.exe 用卡巴删除了，重起后又会有怎样彻底解决。谢谢 2006-11-25 15:06:07
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	分享到：

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 12:53 \| 显示全部短消息资料字号：小中大 2楼 Windows XP Home Edition (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation] <nwiz><nwiz.exe /install> [N/A] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation] <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation] <!AVG Anti-Spyware><"d:\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [N/A] <r><C:\WINDOWS\down\rundll32.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Corporation] <Userinit><c:\windows\system32\userinit.exe,c:\windows\system32\rundll32.exe i,> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab] ================================== 启动文件夹 [腾讯QQ] <C:\Documents and Settings\linxiuting\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\qq\QQ.exe [TENCENT]><N> ================================== 服务 [Application Management / AppMgmt] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A> [卡巴斯基反病毒软件6.0 / AVP] <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab> [Human Interface Device Access / HidServ] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [IMAPI CD-Burning COM Service / ImapiService] <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation> [Remote Packet Capture Protocol v.0 (experimental) / rpcapd] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A> [Svchost.exe / Svchost.exe] <C:\WINDOWS\Hacker.com.cn.exe><N/A> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [kl1 / kl1] <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab> [klif / klif] <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab> [NetGroup Packet Filter Driver / NPF] <system32\drivers\npf.sys><Politecnico di Torino> [npkcrypt / npkcrypt] <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.> [nv / nv] <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsAntiSpyware / RsAntiSpyware] <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139] <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv] <System32\DRIVERS\secdrv.sys><N/A> [TSP / TSP] <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab> ================================== 浏览器加载项 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, Thunder Networking Technologies,LTD> [BhoHelperApp Class] {0B3D9626-CEB1-4534-AA62-AB7FE505DDC2} <C:\WINDOWS\System32\dmadv.dll, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司> [Web反病毒保护] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司> [卡卡上网安全助手] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, > [PicUploadCtrl Class] {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.> [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下载] <d:\Thunder\geturl.htm, N/A> [&使用迅雷下载全部链接] <d:\Thunder\getallurl.htm, N/A> [上传到QQ网络硬盘] <D:\qq\AddToNetDisk.htm, N/A> [添加到QQ自定义面板] <D:\qq\AddPanel.htm, N/A> [添加到QQ表情] <D:\qq\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\qq\SendMMS.htm, N/A>
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:02 \| 显示全部短消息资料字号：小中大 3楼 ================================== 正在运行的进程 [PID: 468][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 536][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.0.299] [PID: 604][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 616][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 776][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 840][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 992][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1012][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1240][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk] [N/A, N/A] [C:\WINDOWS\System32\xunleibho_v8.dll] [Thunder Networking Technologies,LTD, 4, 5, 1, 33] [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299] [PID: 1284][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [PID: 1444][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292] [PID: 1452][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl] [Kaspersky Lab, 6.0.0.300] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\basegui.dll] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.0.299] [PID: 1496][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1576][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1668][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1680][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl] [Kaspersky Lab, 6.0.0.299]
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:04 \| 显示全部短消息资料字号：小中大 4楼 [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll] [N/A, N/A] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl] [N/A, N/A] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll] [Kaspersky Lab, 6.0.0.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll] [Kaspersky Lab, 6.0.0.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll] [Kaspersky Lab, 6.0.0.1] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdb.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\msoe.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ods.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\buffer.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memscan.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memmodsc.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntfsstrm.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btdisk.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\startupenum2.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inifile.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btimages.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prseqio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\unstored.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl] [Kaspersky Lab, 6.0.0.300] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\unlzx.ppl] [Kaspersky Lab, 6.0.0.16] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdmap.ppl] [Kaspersky Lab, 6.0.0.16] [PID: 1700][C:\WINDOWS\System32\cisvc.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1748][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8185]
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:06 \| 显示全部短消息资料字号：小中大 5楼 [PID: 2028][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [PID: 2032][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [PID: 2420][C:\WINDOWS\System32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2744][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1] [C:\WINDOWS\System32\xunleibho_v8.dll] [Thunder Networking Technologies,LTD, 4, 5, 1, 33] [C:\WINDOWS\System32\dmadv.dll] [, 5, 2006, 10, 2] [D:\qq\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299] [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0] [PID: 1828][d:\Thunder\Thunder.exe] [Thunder Networking Technologies,LTD, 5.0.6.98] [d:\Thunder\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1] [d:\Thunder\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1] [d:\Thunder\log4cplus.dll] [, 1, 0, 2, 1] [d:\Thunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [d:\Thunder\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 73] [d:\Thunder\iThunder.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 30] [d:\Thunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 4] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299] [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk] [N/A, N/A] [PID: 2180][D:\sreng2(1)\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:06 \| 显示全部短消息资料字号：小中大 6楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 61.141.31.11 www.kzdh.com 61.141.31.11 www.7255.com 61.141.31.11 www.7322.com 61.141.31.11 www.7939.com 61.141.31.11 www.piaoxue.com 61.141.31.11 www.feixu.net 61.141.31.11 www.6781.com 61.141.31.11 www.7b.com.cn 61.141.31.11 7b.com.cn 61.141.31.11 www.918188.com 61.141.31.11 hao.allxue.com 61.141.31.11 good.allxue.com 61.141.31.11 baby.allxue.com 61.141.31.11 www.allxue.com 61.141.31.11 about.lank.la 61.141.31.11 www.x114x.com 61.141.31.11 www.37ss.com 61.141.31.11 www.7k.cc 61.141.31.11 www.73ss.com 61.141.31.11 www.hao123.com 61.141.31.11 www.81915.com 61.141.31.11 222.88.90.22 61.141.31.11 www.9991.com 61.141.31.11 www.my123.com 61.141.31.11 www.haokan123.com 61.141.31.11 www.5566.net 61.141.31.11 www.gjj.cc 61.141.31.11 www.2345.com 61.141.31.11 dl.hao318.com 61.141.31.11 www.123wa.com 61.141.31.11 www.ku886.com 61.141.31.11 www.5icrack.com 61.141.31.11 www.jjol.cn ==================================
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:07 \| 显示全部短消息资料字号：小中大 7楼终于贴好了,高手看一下啊
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 13:55 \| 显示全部短消息资料字号：小中大 8楼 C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk "C:\Program Files\WinPcap\rpcapd.ini C:\WINDOWS\Hacker.com.cn.exe 上面三个没找到怎么办查找HOSTS文件没有127.0.0.1其他都删了
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 14:22 \| 显示全部短消息资料字号：小中大 9楼郁闷，用WINRAR只找到一个还有两个找不到C:\Program Files\WinPcap\rpcapd.ini C:\WINDOWS\Hacker.com.cn.exe ，怎么办啊，红鬼老大还要麻烦你了
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:	发表于： 2006-11-25 14:49 \| 显示全部短消息资料字号：小中大 10楼终于找到了Hacker.com.cn.exe 谢谢红老大了
喜欢飞的感觉初生襁褓狮帖子:40 注册: 2005-06-29 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT