中毒了 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛中毒了

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

中毒了

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 13:53 \| 显示全部短消息资料字号：小中大 1楼中毒了瑞星到期了，现在用免费的卡把，杀出；感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lwc c:\documents and settings\xiao\local settings\temp\tmpa.tmp 3.5 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lsb c:\documents and settings\xiao\local settings\temp\tmp7.tmp 3.1 KB 感染的:病毒 Worm.Win32.Downloader.eh c:\windows\system32\a.exe 32.5 KB 感染的:木马程序 Trojan-PSW.Win32.Nilage.bxe c:\windows\system32\vdkrdkrdj.dll 19.2 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.ply c:\windows\system32\syhqahozyzj.dll 18.4 KB 感染的:木马程序 Trojan-PSW.Win32.Nilage.bxf c:\windows\system32\ubjqyflwow.dll 20.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp16.tmp 14.6 KB 感染的:木马程序 Trojan-Downloader.Win32.Small.hsh C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp17.tmp 8 KB 感染的:木马程序 Trojan-Downloader.Win32.Small.hsh C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp18.tmp 8 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lze C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp19.tmp 15 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lze C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp2B.tmp 15 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp2C.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lze C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp2F.tmp 15 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp30.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp31.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp34.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp35.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp36.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp37.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp38.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lwc C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp39.tmp 15 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp3B.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd C:\DOCUME~1\xiao\LOCALS~1\Temp\tmp3C.tmp 14.6 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lze c:\documents and settings\xiao\local settings\temp\tmp33.tmp 15 KB 感染的:木马程序 Trojan-PSW.Win32.OnLineGames.lvd c:\documents and settings\xiao\local settings\temp\tmp32.tmp 14.6 KB 怎么办啊 [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 2008-02-01 20:07:52
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	分享到：

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 15:13 \| 显示全部短消息资料字号：小中大 2楼 [CODE] 2008-02-01,14:55:30 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] <FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe> [(Verified)Adobe Systems Incorporated] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <360Safebox><"D:\yinyue 2\360Safebox\safeboxTray.exe" /r> [奇虎网] <360Safetray><D:\yinyue 2\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd] <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"> [(Verified)Kaspersky Lab] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\Herosoft\HeroV8\豪杰多~1.SCR> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] ================================== 启动文件夹 [QQ游戏启动加速程序] <C:\Documents and Settings\xiao\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N> ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart][Stopped/Auto Start] <C:\WINDOWS\system32\ati2sgag.exe><> [卡巴斯基反病毒软件 7.0 / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> ==================================
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 15:14 \| 显示全部短消息资料字号：小中大 3楼【回复“井底之蛙啊”的帖子】驱动程序 [1994171 / 1994171][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\1994140.sys><N/A> [588656 / 588656][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\588625.sys><N/A> [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start] <system32\DRIVERS\msconkt.sys><N/A> [ati2mtag / ati2mtag][Running/Manual Start] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.> [RAS Asynchronous Media Driver / CCDECODE][Stopped/Auto Start] <system32\DRIVERS\msconkt.sys><N/A> [CMIUCR.SYS CM220 Card Reader Driver / CMISTOR][Running/Manual Start] <system32\DRIVERS\cmiucr.SYS><C-Media Corporation> [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A> [kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab> [klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab> [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] <system32\DRIVERS\klim5.sys><Kaspersky Lab> [Netgroup Packet Filter / NPF][Running/Manual Start] <system32\drivers\npf.sys><Politecnico di Torino> [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys><N/A> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\D:\yinyue 2\360Safebox\SafeBoxKrnl.sys><奇虎网> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [WD / WD][Stopped/Manual Start] <2 - 系统找不到指定的文件。 ><N/A> [ZHTU / ZHTU][Stopped/Manual Start] <2 - 系统找不到指定的文件。 ><N/A> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD> [IESuper] {1A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, > [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\ChinaNet\VnetTransfer.dll, > [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\yinyue 2\360safe\safemon\safemon.dll, 奇虎网> [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD> [Web 反病毒统计] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab> [豪杰超级解霸V8] {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A> [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [FlashGet] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.> [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD> [IESuper] {1A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, > [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\ChinaNet\VnetTransfer.dll, > [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\yinyue 2\360safe\live.dll, 360safe.com> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\yinyue 2\360safe\safemon\safemon.dll, 奇虎网> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.> [使用网际快车下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用网际快车下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [使用迅雷下载] <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A> [使用迅雷下载全部链接] <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A> [导出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [添加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [百度Flash搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A> [百度mp3搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A> [百度信息快递搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A> [百度图片搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A> [百度搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A> [百度新闻搜索] <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A> [豪杰超级解霸V8实时播放] <C:\Herosoft\HeroV8\MPURLGET.HTM, N/A> ==================================
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 15:15 \| 显示全部短消息资料字号：小中大 4楼【回复“井底之蛙啊”的帖子】正在运行的进程 [PID: 712 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 820 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 852 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125] [PID: 896 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 908 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1068 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 1088 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1180 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [PID: 1272 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [PID: 1316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [PID: 1380 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [PID: 1692 / xiao][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 1748 / xiao][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [PID: 1816 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 200 / xiao][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [PID: 288 / xiao][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [PID: 688 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2084 / xiao][D:\yinyue 2\360safe\safemon\360Tray.exe] [奇虎网, 4, 0, 2, 1001] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [D:\yinyue 2\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 0, 0, 1001] [D:\yinyue 2\360safe\AntiAdwa.dll] [360Safe.com, 4, 0, 0, 1002] [D:\yinyue 2\360safe\live.dll] [360safe.com, 1, 0, 1, 1022] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [PID: 1892 / xiao][C:\泰阳证券网上交易V4.40.17\zdsj.exe] [上海核新软件技术有限公司, 2007, 3, 16, 0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\泰阳证券网上交易V4.40.17\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [PID: 3912 / xiao][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125] [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [C:\PROGRA~1\IESuper\iesuper.dll] [, 1, 0, 2, 5] [C:\Program Files\ChinaNet\VnetTransfer.dll] [, 2007, 5, 11, 17] [C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1] [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll] [Kaspersky Lab, 7.0.5.125] [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [PID: 4000 / xiao][C:\DOCUME~1\xiao\LOCALS~1\Temp\Rar$EX00.859\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [D:\yinyue 2\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 0, 1001] [C:\DOCUME~1\xiao\LOCALS~1\Temp\Rar$EX00.859\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 15:16 \| 显示全部短消息资料字号：小中大 5楼【回复“井底之蛙啊”的帖子】================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 127.0.0.1 yu.8s7.net 127.0.0.1 1.jopanqc.com 127.0.0.1 2.joppnqq.com 127.0.0.1 wg.47255.com 127.0.0.1 1.joppnqq.com 127.0.0.1 xxx.m111.biz 127.0.0.1 1.jopenqc.com 127.0.0.1 1.jopenkk.com 127.0.0.1 xxx.vh7.biz 127.0.0.1 xxx.j41m.com 127.0.0.1 3.joppnqq.com 127.0.0.1 d.93se.com 127.0.0.1 www.868wg.com 127.0.0.1 xxx.mmma.biz 127.0.0.1 ilove.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 www.tomwg.com 127.0.0.1 www.177dvd.cn 127.0.0.1 www.cike007.cn 127.0.0.1 www.22aaa.com 127.0.0.1 xx.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 new.749571.com 127.0.0.1 xtx.kv8.info 127.0.0.1 cao.kv8.info 127.0.0.1 1.jopmmqq.com 127.0.0.1 171817.171817.com 127.0.0.1 d2.llsging.com 127.0.0.1 down.malasc.cn 127.0.0.1 llboss.com 127.0.0.1 nx.51ylb.cn 127.0.0.1 my.531jx.cn 127.0.0.1 qqq.dzydhx.com 127.0.0.1 qqq.hao1658.com 127.0.0.1 www.333292.com 127.0.0.1 down.18dd.net 127.0.0.1 up.22x44.com ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 200, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1892, C:\泰阳证券网上交易V4.40.17\ZDSJ.EXE] ================================== API HOOK RVA 错误： LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 错误： LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 错误： LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 错误： LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 错误： GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) ================================== 隐藏进程 N/A ================================== [/CODE]
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 18:10 \| 显示全部短消息资料字号：小中大 6楼谁来看看啊
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 18:43 \| 显示全部短消息资料字号：小中大 7楼【回复“井底之蛙啊”的帖子】怎么没人看，几死了我家连望用的星空激素，按了拨号后，本来应该变成注销，可谁知道，刚一边成注销，星空继素就消失了，我再双机兴空激素，本来应该是注销，现在却是拨号２字，再点拨号，又是相同请矿，但上网没影响，星空激素小时了，是因为黑棵不想让我段开网络是这样吗
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 18:46 \| 显示全部短消息资料字号：小中大 8楼【回复“井底之蛙啊”的帖子】啊，我打开卡把，卡把外面是鼠标肩头，里面是杀楼，想关都关不了，说系统被所住了　啊
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 19:05 \| 显示全部短消息资料字号：小中大 9楼【回复“井底之蛙啊”的帖子】写错了是被系统所住，不是系统被所住
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:	发表于： 2008-02-01 19:31 \| 显示全部短消息资料字号：小中大 10楼【回复“有毒必问”的帖子】大哥你说清楚点，我在安全模式下进如ＳＲＥＮＧ－服务，里找不到你说的东西，又到文件夹里也找不到．重新开几，卡把没问题了，可星空激素还是老问题．．帮忙解决下
井底之蛙啊自信弱冠狮帖子:294 注册: 2006-05-03 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT