Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum

mssys.exe, cdsdf.exe: are these malware processes?

My computer keeps popping up web pages at boot today; it looks like malware. The process list shows mssys.exe and cdsdf.exe, there is a CPUSH folder under c:/program files/common files that cannot be deleted, and under the registry Run key there are two entries, mshtmll and mssys, which come back after being deleted. I found mshtmll.dll and mssys.exe under c:/windows/inf/ and deleted them in safe mode, but after a reboot it is all the same. What should I do?
What method can I use to delete them?
Last edited 2007-03-18 15:04:55
 

mssys - mssys.exe - process information
Process file: mssys or mssys.exe
Process name: MYSS.B virus

Description: mssys.exe is part of the MYSS.B virus. This trojan allows an attacker to access your computer and steal passwords and personal data.

Publisher: Unknown N/A
Belongs to: MYSS.B virus

System process: No
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown N/A
Memory usage: Unknown N/A
Security level (0-5): 4
Spyware: No
Adware: No
Virus: Yes
Trojan: No


Suggestion:
http://www.kztechs.com/sreng/sreng2.zip
Go to the link above,
download SREng, run it, click Smart Scan, and save the log when the scan finishes.
If it will not fit in one post, post it in several parts!
 

This is my scan log

2007-03-17,19:30:57

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  [N/A]
    <Vagaa><; "D:\Program Files\Vagaa\Vagaa.exe" -tray>  [Vagaa Development Team]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SiS Windows KeyHook><; C:\WINDOWS\system32\keyhook.exe>  [Silicon Integrated Systems Corporation]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <AGRSMMSG><; AGRSMMSG.exe>  [(Verified)Agere Systems]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe>  [N/A]
    <ms><; C:\Program Files\Microsoft\svhost32.exe>  [N/A]
    <OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <QkOnBtn><; C:\Program Files\QBU\QkOnBtn.EXE>  [Dritek System Inc.]
    <SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <WebThunder><; d:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\LSASS.EXE>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe realshed.exe>  [N/A]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><LogonUI.EXE>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk>  [N/A]
    <{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <sydr><C:\PROGRA~1\yxcq\sydr.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptimg.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll>  [N/A]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[3B71FD46 / 3B71FD46]
  <C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Std baft Service / baft]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>
[C50908D4 / C50908D4]
  <C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>
[sdhcvs / edfscv]
  <C:\WINDOWS\system32\fgdfsdf.exe -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Messenger / Messenger]
  <C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc.dll><Microsoft Corporation>
[Navoct / Navoct]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Net Event / Net Event]
  <C:\WINDOWS\system32\netevent.exe><N/A>
[System Administrator / Popular]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
[REM0TE REGISTRY / REM0TEREGISTRY]
  <C:\WINDOWS\system\REM0REG.EXE><N/A>
[RestoreService / RestoreService]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[sqlserver support for winnt / sqlservech]
  <C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[NT Data Provider / WalALET]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>
[Windows Login / Windows Login]
  <C:\WINDOWS\system32\mslogin.exe><N/A>

驱动程序
[acpidisk / acpidisk]
  <2 - 系统找不到指定的文件。
><N/A>
[Agere Systems Soft Modem / AgereSoftModem]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bjdcjhee / bjdcjhee]
  <\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[Dritek HotKey Keyboard Filter Driver / DKbFltr]
  <System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[fkwld / fkwld]
  <system32\drivers\fkwld.sys><Microsoft Corporation>
[GEARAspiWDM / GEARAspiWDM]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[hidproc / hidproc]
  <\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[i82440bx / i82440bx]
  <\??\C:\WINDOWS\system32\drivers\i82440bx.sys><Microsoft Corporation>
[jmoyex3 / jmoyex39]
  <\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[lanfs / lanfs]
  <\??\C:\WINDOWS\system32\drivers\lanfs.sys><Microsoft Corporation>
[ndcia / ndcia]
  <\??\C:\WINDOWS\system32\drivers\ndcia.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[ofmjnq0 / ofmjnq01]
  <\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
  <\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[romman / romman]
  <\??\C:\WINDOWS\system32\drivers\romman.sys><Microsoft Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP]
  <system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[uzwnza8 / uzwnza86]
  <\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {09325ac6-3579-437c-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[]
  {1a4bedef-9bb9-4e87-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[HrefRedirect Class]
  {74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\fcai.dll, N/A>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {09325AC6-3579-437C-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[]
  {1A4BEDEF-9BB9-4E87-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[IEExt Class]
  {634539A8-7FA8-45E2-8DC3-253AF98548A1} <C:\WINDOWS\system\MFS0FT.DLL, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[HrefRedirect Class]
  {74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&V使用Vagaa哇嘎下载]
  <D:\Program Files\Vagaa\Data\vg.htm, N/A>
[&使用BitComet下载]
  <res://D:\Program Files\BitComet_0.77\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\Program Files\BitComet_0.77\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\Program Files\BitComet_0.77\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导入当前页到超星阅览器(&A)]
  <d:\Program Files\SSREADER36\ss_all.htm, N/A>
[导入选中部分到超星阅览器(&S)]
  <d:\Program Files\SSREADER36\ss_select.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>

正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, N/A]
    [C:\WINDOWS\system32\bdrrdf.dll]  [Microsoft Corporation, N/A]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\iesnap\navoct.dll]  [ , 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2007, 2, 12, 84]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 1, 16, 104]
    [C:\KAV2007\KAVQuara.DLL]  [Kingsoft Corporation, 2007, 1, 25, 1]
[PID: 1360][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 2714, 0]
    [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1444][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\trtbc.dll]  [, 5, 3, 1, 120]
    [C:\WINDOWS\system32\ntd11.dll]  [, 1.1.1.134]
    [C:\Program Files\yxcq\sydr.nls]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\bdrrdf.dll]  [Microsoft Corporation, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
[PID: 1548][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kbnaxp.dll]  [Microsoft Corporation, 5.1.1800.2813]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
[PID: 1636][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 3, 5, 263]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
[PID: 1652][C:\Program Files\Common Files\System\Updaterun.exe]  [N/A, N/A]
[PID: 1692][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 1708][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, N/A]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
[PID: 1772][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\WANSO\Player.dll]  [  , 1, 0, 0, 1]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1848][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 1, 16, 104]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
[PID: 1980][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\wvxl\gfkv.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\lkpa.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 368][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 760][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 956][C:\WINDOWS\system32\cdsdf.exe]  [N/A, N/A]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 616][C:\WINDOWS\system32\netevent.exe]  [N/A, N/A]
[PID: 1112][C:\WINDOWS\system\REM0REG.EXE]  [N/A, N/A]
[PID: 1492][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\drivers\restore.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 1520][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 2060][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 2176][C:\WINDOWS\system32\mslogin.exe]  [N/A, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 2220][C:\WINDOWS\system32\svcmost.exe]  [N/A, N/A]
[PID: 2232][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2252][C:\WINDOWS\system32\scvhost.exe]  [N/A, N/A]
[PID: 3088][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4076][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][D:\Program Files\TotalCmd\TOTALCMD.EXE]  [C. Ghisler & Co., 6.53]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\trtbc.dll]  [, 5, 3, 1, 120]
    [D:\Program Files\TotalCmd\unRAR.dll]  [N/A, N/A]
[PID: 3344][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 2692][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system\AV1CAP.dll]  [mcsoft, 1, 0, 0, 0]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 252][C:\Program Files\360safe\360Safe.exe]  [奇虎网, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 2, 0, 1001]
    [C:\Program Files\360safe\AntiEng.dll]  [360Safe.com, 3, 0, 2, 2000]
    [C:\Program Files\360safe\Antispy.dll]  [奇虎网, 1, 0, 0, 1002]
    [C:\Program Files\360safe\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [C:\Program Files\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [C:\Program Files\360safe\live.dll]  [360safe.COM, 1, 0, 0, 1011]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\360safe\LeakCheck.dll]  [360Safe.com, 2, 0, 0, 3001]
[PID: 6608][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINDOWS\system32\4e87ntos.dll]  [N/A, N/A]
    [D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll]  [BitComet, 20061116]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\WINDOWS\system32\mslink\mslink.dll]  [, 1, 0, 0, 1]
[PID: 7712][c:\PROGRA~1\iesnap\navplay.exe]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 7984][D:\Program Files\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
[PID: 6380][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINDOWS\system32\4e87ntos.dll]  [N/A, N/A]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll]  [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
    [D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll]  [BitComet, 20061116]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\WINDOWS\system32\mslink\mslink.dll]  [, 1, 0, 0, 1]
[PID: 7348][D:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 30]
    [D:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\jmoyex39.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\uzwnza86.dll]  [, 1, 1, 1, 1003]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\wvxl\jiny.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\wvxl\onsd.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [c:\PROGRA~1\iesnap\navpref.dll]  [, 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navseg.dll]  [, 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navneg.dll]  [, 1, 0, 1, 1]
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\winyex39.dll]  [, 1, 1, 1, 1004]
    [C:\WINDOWS\system32\winnza86.dll]  [, 1, 1, 1, 1009]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

Thanks everyone!

Close the following processes:

Close RUNDLL32.EXE and spoolsv.exe

Use IceSword to forcibly remove the following from all processes:
winlib .dll
bdrrdf.dll
trtbc.dll
ntd11.dll
sydr.nls
jiny.dll
onsd.dll
bdrrdf.dll
uzwnza86.dll
jmoyex39.dll


Delete the following startup items:

<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]

<ms><; C:\Program Files\Microsoft\svhost32.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<sydr><C:\PROGRA~1\yxcq\sydr.dll> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll> [N/A]


Delete the following services:

[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>

[Std baft Service / baft]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>

[C50908D4 / C50908D4]
<C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>

[sdhcvs / edfscv]
<C:\WINDOWS\system32\fgdfsdf.exe -service><Microsoft Corporation>

[Net Event / Net Event]
<C:\WINDOWS\system32\netevent.exe><N/A>

[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>

[REM0TE REGISTRY / REM0TEREGISTRY]
<C:\WINDOWS\system\REM0REG.EXE><N/A>

[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>

[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>

[NT Data Provider / WalALET]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>

[Windows Login / Windows Login]
<C:\WINDOWS\system32\mslogin.exe><N/A>

Delete the following drivers:

[acpidisk / acpidisk]
<2 - 系统找不到指定的文件。
><N/A>

[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>

[fkwld / fkwld]
<system32\drivers\fkwld.sys><Microsoft Corporation>

[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>

[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>

[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>

[lanfs / lanfs]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><Microsoft Corporation>

[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><Microsoft Corporation>

[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>

[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>

[romman / romman]
<\??\C:\WINDOWS\system32\drivers\romman.sys><Microsoft Corporation>

[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>

Delete the following files:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system32\realshed.exe
C:\WINDOWS\realshed.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\yxcq\sydr.dll
C:\WINDOWS\cryptimg.dll
C:\WINDOWS\system32\wbem\cbzcsvrl.dll
C:\WINDOWS\system32\3B71FD46.EXE
C:\Program Files\wvxl\gfkv.dll
C:\WINDOWS\system32\fgdfsdf.exe
C:\WINDOWS\system32\netevent.exe
C:\WINDOWS\system32\C50908D4.EXE
C:\WINDOWS\system32\hrwjd.dll
C:\WINDOWS\system\REM0REG.EXE
c:\windows\system32\sqlservech.dll
C:\WINDOWS\system32\drivers\restore.dll
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\WINDOWS\system32\mslogin.exe
C:\WINDOWS\system32\drivers\bjdcjhee.sys
C:\WINDOWS\system32\drivers\fkwld.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\System32\DRIVERS\jmoyex39.sys
C:\WINDOWS\system32\drivers\kmsinput.sys
C:\WINDOWS\system32\drivers\lanfs.sys
C:\WINDOWS\system32\drivers\ndcia.sys
C:\WINDOWS\System32\DRIVERS\ofmjnq01.sys
C:\WINDOWS\System32\DRIVERS\pmrxyn05.sys
C:\WINDOWS\system32\drivers\romman.sys
C:\WINDOWS\System32\DRIVERS\uzwnza86.sys

Delete the following IE add-ons:


This makes my head spin, a whole heap of viruses and trojans - -! Do the following:
In safe mode
Delete registry entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]
<ms><; C:\Program Files\Microsoft\svhost32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\LSASS.EXE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<sydr><C:\PROGRA~1\yxcq\sydr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
Edit:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]
so that the shell value is Explorer.exe
Delete services:
[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>
[Std baft Service / baft]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>
[C50908D4 / C50908D4]
<C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>
[Net Event / Net Event]
<C:\WINDOWS\system32\netevent.exe><N/A>
[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[NT Data Provider / WalALET]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>
[Windows Login / Windows Login]
<C:\WINDOWS\system32\mslogin.exe><N/A>
[REM0TE REGISTRY / REM0TEREGISTRY]
<C:\WINDOWS\system\REM0REG.EXE><N/A>
[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[sqlserver support
Delete drivers:
[acpidisk / acpidisk]
<2 - 系统找不到指定的文件。
><N/A>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>
After restarting the machine, delete the corresponding files.
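An added example, not code from this thread or from SREng: a small Python checker that parses SREng-style autostart and service lines (the format quoted above) and flags the kinds of entries the replies tell the poster to remove: a Winlogon Shell value that runs more than Explorer.exe, a hook with an empty target, an autostart running from Temp, and entries whose vendor string claims Microsoft without the (Verified) mark. The sample log is constructed from entries in this thread; the rules and the `review_sreng` name are my own assumptions about what is worth a responder's attention.

```python
import re

# Constructed sample in the SREng log format quoted in this thread: registry
# autostarts are "<name><command> [vendor]" under a "[HKEY_...]" header, and
# services are a "[name / display]" header followed by "<command><vendor>".
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]
[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><Microsoft Corporation>
[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
"""

HEADER = re.compile(r"^\[(.+)\]$")
# First group is greedy so service commands containing "-->" still parse.
ENTRY = re.compile(r"^<(.*)><([^<>]*)>(?:\s*\[([^\]]*)\])?$")

def review_sreng(text):
    """Return (location, name, reason) for entries a responder should inspect."""
    findings, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if h := HEADER.match(line):
            location = h.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # multi-line entries such as "file not found" are skipped
        if m.group(3) is not None:  # registry autostart: name, command, vendor
            name, cmd, vendor = m.groups()
        else:                       # service: command, vendor; name from header
            name, (cmd, vendor) = location, m.groups()[:2]
        cmd_l = cmd.lstrip("; ").lower()  # SREng prefixes some commands with "; "
        if location.lower().endswith("\\winlogon") and name.lower() == "shell" \
                and cmd_l != "explorer.exe":
            findings.append((location, name, "Winlogon Shell runs more than Explorer.exe"))
        if not cmd_l:
            findings.append((location, name, "hook with an empty target"))
        if "\\temp\\" in cmd_l:
            findings.append((location, name, "autostart runs from a Temp directory"))
        if "microsoft" in vendor.lower() and "(verified)" not in vendor.lower():
            findings.append((location, name, "claims Microsoft but signature is not verified"))
    return findings
```

Calling `review_sreng(SAMPLE_LOG)` returns five findings, one for each planted entry; the signature-verified ctfmon.exe line produces none.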
Powered by Discuz!NT