请高手帮忙。【求助】

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请高手帮忙。【求助】

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1 / 1 页

跳转页

初生襁褓狮

帖子:16
注册: 2007-02-13
来自:

发表于： 2007-03-31 19:39 | 显示全部 短消息资料

字号：小中大 1楼

请高手帮忙。【求助】

请高手帮忙解决，如何彻底铲除这两项木马，此木马是被一电影网站强行安装的。
以下是360安全卫士查到的木马病毒：
2007-03-31 11:46
查杀恶意软件 - cmdbcs - 危险 - C:\WINDOWS\system32\cmdbcs.dll
查杀恶意软件 - 36sqgw7 - 危险 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll
以下是Sreng2日志扫描情况：

引用:

2007-03-31,19:16:49
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safetray><D:\工具\360safe\safemon\360tray.exe> [奇虎网]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
<C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Sundance ST201 based Adapter NT Driver / DLH5X][Running/Manual Start]
<system32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
[i81x / i81x][Running/Manual Start]
<system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
<system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
<system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
<system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
<system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
<system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5][Stopped/Manual Start]
<system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6][Stopped/Manual Start]
<system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7][Stopped/Manual Start]
<system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
<system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
<system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
<system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
<system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5][Stopped/Manual Start]
<system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6][Stopped/Manual Start]
<system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[misfsjqb / misfsjqb][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\misfsjqb.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\工具\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
<system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[zuqdkogz / zuqdkogz][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\zuqdkogz.sys><Yahoo! China Corporation>
==================================
浏览器加载项
[Thunder Browser Helper]
{33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <D:\工具\xl\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\工具\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\工具\360safe\safemon\safemon.dll, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\工具\xl\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\游戏\游戏工具\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\工具\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\工具\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
{33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <D:\工具\xl\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\工具\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\工具\360safe\safemon\safemon.dll, >
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<D:\工具\xl\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\工具\xl\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\工具\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\工具\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\工具\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\工具\QQ\SendMMS.htm, N/A>

2007-03-31 19:59:31

分享到：

初生襁褓狮

帖子:16
注册: 2007-02-13
来自:

发表于： 2007-03-31 19:40 | 显示全部 短消息资料

字号：小中大 2楼

引用:

==================================
正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1280][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, N/A]
[D:\工具\xl\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1460][D:\工具\360safe\safemon\360tray.exe] [奇虎网, 3, 2, 1, 1001]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 2, 0, 1001]
[D:\工具\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[D:\工具\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, N/A]
[PID: 1032][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1992][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 852][D:\工具\xl\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\xl\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[D:\工具\xl\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[D:\工具\xl\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[D:\工具\xl\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
[D:\工具\xl\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\工具\xl\Components\DiagnoseHelper\DiagnoseHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[D:\工具\xl\Components\PortVerify\PortVerify.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\工具\xl\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\工具\xl\Components\DTAG\DTAG.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
[D:\工具\xl\Components\DTAG\ExtractMediaTag.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\工具\xl\Program\LiveUpdate.dll] [, 1, 0, 1, 17]
[D:\工具\xl\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 15]
[D:\工具\xl\Components\InMedia\iEmbed08.dll] [　, 3, 2, 0, 63]
[D:\工具\xl\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
[D:\工具\xl\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
[D:\工具\xl\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[D:\工具\xl\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[PID: 1972][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\xl\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[D:\工具\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[PID: 1640][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 2060][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\xl\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[D:\工具\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[PID: 3288][D:\工具\360safe\360safe.exe] [奇虎网, 3, 2, 1, 1001]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[D:\工具\360safe\AntiEng.dll] [360Safe.com, 3, 0, 2, 2000]
[D:\工具\360safe\Antispy.dll] [奇虎网, 1, 0, 0, 1002]
[D:\工具\360safe\CleanHis.dll] [奇虎网, 3, 0, 2, 1000]
[D:\工具\360safe\AntiActi.dll] [360Safe.com, 2, 0, 0, 3000]
[D:\工具\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[PID: 3348][D:\工具\QQ\TT\TTraveler.exe] [腾讯公司, 3.1.0.261]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[D:\工具\QQ\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[D:\工具\QQ\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[D:\工具\QQ\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 2996][D:\工具\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\工具\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 60.169.0.66
127.0.0.1 60.169.1.29
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
入口点错误：CreateProcessA
入口点错误：CreateProcessW

==================================

十九街区初生襁褓狮帖子:16 注册: 2007-02-13 来自:	发表于： 2007-03-31 20:09 \| 显示全部短消息资料字号：小中大 3楼请帮忙啊。
十九街区初生襁褓狮帖子:16 注册: 2007-02-13 来自:

<<上一主题|下一主题>>

1 / 1 页

跳转页

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 请高手帮忙。【求助】

请高手帮忙。【求助】

请高手帮忙。【求助】

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛请高手帮忙。【求助】