一个不留 - 2006-2-22 4:59:00
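My game is Legend (传奇). The game protection in the firewall keeps reporting that it has blocked some programs from accessing the game, and I don't know whether there is something wrong with these programs. Experts, please advise. Many thanks!!
These are the programs: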
2006-02-22 00:38:41, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\downlo~1\CnsMin.dll
2006-02-22 00:38:41, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\system32\uxtheme.dll
2006-02-22 00:38:27, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\Explorer.EXE
2006-02-22 00:38:27, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\system32\lsass.exe
2006-02-22 00:38:27, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\downlo~1\CnsMin.dll
2006-02-22 00:38:27, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\system32\uxtheme.dll
2006-02-22 00:38:10, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\Explorer.EXE
2006-02-22 00:38:08, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\system32\uxtheme.dll
2006-02-22 00:38:08, 系统禁止程序访问游戏进程,被禁止程序路径:C:\WINDOWS\downlo~1\CnsMin.dll
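I only know that C:\WINDOWS\Explorer.EXE seems to be the browser. Why is it accessing my game program?
Also, C:\WINDOWS\downlo~1\CnsMin.dll and CnsMinkp are programs from the Beijing company 3721. Every time the machine boots I see them started automatically in the firewall's startup options, and I can't delete them no matter what I do. What a crappy company, its programs behave like viruses! Experts, please tell me how to delete them.
As for the other program files, I don't know what they are. Is there a problem with them? Experts, please give me some pointers!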
一个不留 - 2006-2-22 5:16:00
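While I'm at it, I'm posting the startup log, exported with the method the moderator taught. Experts, please take a look for me. I'm afraid of trojans and of having my game account stolen. Many thanks!!!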
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. C:\WINDOWS\SOUNDMAN.EXE
+ Lskbdrv C:\PROGRAM FILES\LENOVO\幸福一键通\KBDRIVER.EXE
+ LenSoft FlyShuttle Microsoft 基础类应用程序 C:\PROGRAM FILES\LENOVO\幸福一键通\FLYSHUTTLE.EXE
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVCPL.DLL
+ nwiz NVIDIA nView Wizard, Version 43.51 NVIDIA Corporation C:\WINDOWS\system32\NWIZ.EXE
+ NeroCheck NeroCheck Ahead Software Gmbh C:\WINDOWS\SYSTEM32\NEROCHECK.EXE
+ BigDogPath Still Image (STI) Driver VM. C:\WINDOWS\VM_STI.EXE
+ CnsMin 3721 北京三七二一科技有限公司 C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ 联想呼吸灯设置.lnk 联想呼吸灯设置 C:\PROGRA~1\LENOVO\FXLEDM~1\QUAKEL~1.EXE
+ BlueSoleil.lnk Bluetooth Application IVT Corporation E:\BLUETE~1\BLUESO~1.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura Ltd C:\WINDOWS\SYSTEM32\DRIVERS\ALCXSENS.SYS
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
+ basic2 NTRksample driver Conexant C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.SYS
+ BlueletAudio Bluelet Audio Driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\BLUELETAUDIO.SYS
+ BT Bluetooth PAN Network Adapter Driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\BTNETDRV.SYS
+ Btcsrusb Bluetooth USB Device Driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\BTCUSB.SYS
+ BTHidEnum C:\WINDOWS\SYSTEM32\DRIVERS\VBTENUM.SYS
+ BTHidMgr Bluetooth HID Manager driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\BTHIDMGR.SYS
+ CALLKEY_IO C:\PROGRAM FILES\ONEKEY\CALLKEY.SYS
+ CnsMinKP KMD Copyright (C) 3721 Corporation. C:\WINDOWS\SYSTEM32\DRIVERS\CNSMINKP.SYS
+ ExpScaner ExpScan.sys F:\RISING\杀毒\EXPSCAN.SYS
+ HOOKAPI F:\RISING\RAV\HOOKAPI.SYS
+ HookCont TDI HOOK Driver Rising tech Co. ltd F:\RISING\杀毒\HOOKCONT.SYS
+ HookReg F:\RISING\杀毒\HOOKREG.SYS
+ HookSys Hooksys Rising F:\RISING\杀毒\HOOKSYS.SYS
+ HSFHWBS2 HSF_HWB2 WDM driver Conexant Systems C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.SYS
+ HSF_DP HSF_DP driver Conexant Systems C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.SYS
+ hsf_msft WinACHSF driver Conexant C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.SYS
+ mdmxsdk Diagnostic Interface DRIVER Conexant C:\WINDOWS\SYSTEM32\DRIVERS\MDMXSDK.SYS
+ MEMSCAN MemScan Driver 瑞星软件有限公司 F:\RISING\杀毒\MEMSCAN.SYS
+ MSJDrvr C:\WINDOWS\SYSTEM32\DRIVERS\MSJDRVR.SYS
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 43.51 NVIDIA Corporation C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
+ Rksample Rksample WDM driver Conexant C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.SYS
+ rtl8139 Realtek RTL8139/810x Family NDIS 5.1 Drv Realtek Semiconductor Corporation C:\WINDOWS\SYSTEM32\DRIVERS\R8139N51.SYS
+ Secdrv SafeDisc driver C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
+ UIUSys Diagnostic Interface DRIVER Conexant C:\WINDOWS\SYSTEM32\DRIVERS\UIUSYS.SYS
+ VComm Bluetooth Serial Port Driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\VCOMM.SYS
+ VcommMgr Bluetooth VcommMgr driver IVT Corporation C:\WINDOWS\SYSTEM32\DRIVERS\VCOMMMGR.SYS
+ winachsf WinACHSF driver Conexant Systems C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.SYS
+ ZSMC301b Video streaming and Capture Device Driver VM C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS
一个不留 - 2006-2-22 7:26:00
Is there really no expert who can take a look for me???????????? (crying)
不言放弃 - 2006-2-22 8:02:00
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
Download HIJACKTHIS
Export the log
一个不留 - 2006-2-22 15:47:00
Is this the kind of log you mean? Please take a look for me, expert. Many thanks!!
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 15:39:19, on 2006-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\杀毒\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Rising\杀毒\Ravmond.exe
f:\rising\防火墙\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Rising\杀毒\RavStub.exe
C:\WINDOWS\system32\Rundll32.exe
f:\rising\防火墙\RfwMain.exe
E:\blueteeth\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Rising\杀毒\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Rising\杀毒\Ravmon.exe
C:\Program Files\Lenovo\fxLEDmanager\QuakeLamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lenovo\LOCALS~1\Temp\Rar$EX19.890\HijackThis.exe
R3 - URLSearchHook:
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\
O4 - HKLM\..\Run: [LenSoft] C:\Program Files\Lenovo\
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RfwMain] "F:\Rising\
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "F:\Rising\
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: 「开始」菜单.rar
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O11 - Options group: [!CNS]
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0B16C94-F882-43F2-97EC-780051C09ECB}: NameServer = 202.98.96.68 61.139.2.69
不言放弃 - 2006-2-22 16:04:00
[Reply to the post by "一个不留"]
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
Download the latest version of HIJACKTHIS
Export the log again