最新更新主题

网络推荐

我的查杀

字体: | 打印 发表于: 2007-12-11 09:54    作者: joomla    来源: 电脑爱好者网

2007-12-11 星期二, 9:52:57.15
              
----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             488 \SystemRoot\System32\smss.exe
csrss.exe            576 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe         608 winlogon.exe
services.exe         652 C:\WINDOWS\system32\services.exe
lsass.exe            664 C:\WINDOWS\system32\lsass.exe
Ati2evxx.exe         820 C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe          832 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe          892 C:\WINDOWS\system32\svchost -k rpcss
svchost.exe          968 C:\WINDOWS\System32\svchost.exe -k NETsvcs
svchost.exe         1064 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe         1136 C:\WINDOWS\system32\svchost.exe -k LocalService
rfwproxy.exe        1208 d:\rising\rising\rfw\rfwproxy.exe
spoolsv.exe         1440 C:\WINDOWS\system32\spoolsv.exe
Ati2evxx.exe        1648 Ati2evxx.exe -Client
Explorer.exe        1744 Explorer.exe orbppo.exe
Rundll32.exe        1820 Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
90691.exe           1884 C:\WINDOWS\system32\90691.exe
svchost.exe         1928 C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe           124 C:\WINDOWS\system32\wdfmgr.exe
CNAB4RPK.EXE         416 C:\WINDOWS\system32\CNAB4RPK.EXE
wmiprvse.exe        1184 C:\WINDOWS\system32\wbem\wmiprvse.exe
SOUNDMAN.EXE        1916 "C:\WINDOWS\SOUNDMAN.EXE"
rundll32.exe        2304 "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\3721\helper.dll,Rundll32
ctfmon.exe          2320 "C:\WINDOWS\system32\ctfmon.exe"
iexplore.exe        3368 "C:\Program Files\Internet Explorer\iexplore.exe"
ylive.exe           3424 "C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe"
rundll32.exe        3444 C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\c61.dll,Always
WebThunder.exe      3324 "C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" -Embedding
辉少查毒.EXE        2992 "C:\TDdownload\Software\辉少查毒\辉少查毒.EXE"
conime.exe          2944 C:\WINDOWS\system32\conime.exe
cmd.exe             2356 cmd.exe /c C:\DOCUME~1\a\LOCALS~1\Temp\bt8418.bat
辉少查毒.com        2608 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan        REG_SZ        SOUNDMAN.EXE
    RfwMain        REG_SZ        "D:\Rising\Rising\Rfw\rfwmain.exe" -Startup
    CnsM.dll        REG_SZ        Rundll32.exe C:\PROGRA~1\3721\CnsM.dll,Rundll32
    helper.dll        REG_SZ        C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
    CnsMin        REG_SZ        Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
    remotecontrol        REG_SZ        C:\WINDOWS\system32\sysave.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe        REG_SZ        C:\WINDOWS\system32\ctfmon.exe
    swg        REG_SZ        ; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PictureShow        REG_SZ        "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    uq1o        REG_SZ        rundll32 "C:\WINDOWS\Downlo~1\uq1o.dll",start
    crbi        REG_SZ        rundll32 "C:\WINDOWS\Downlo~1\crbi.dll",Run
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {D157330A-9EF3-49F8-9A67-4141AC41ADD4}        REG_SZ       

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder        REG_SZ        {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn        REG_SZ        {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck        REG_SZ        {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray        REG_SZ        {35CEC8A3-2BE6-11D2-8773-92E220524153}
    UPnPMonitor        REG_SZ        {e57ce738-33e8-4c51-8354-bb4de9d215d1}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}        REG_SZ        Browseui 预加?
    {8C7461EF-2B13-11d2-BE35-3078302C2030}        REG_SZ        组件类别
-
-------------------IE加载项----------------------------

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
    {406F94F0-504F-4a40-8DFD-58B0666ABEBD}        REG_SZ        coolbar
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}        REG_SZ       

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{507F9113-CD77-4866-BA92-0E86DA3D0B97}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{59BC54A2-56B3-44a0-93E5-432D58746E26}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{6354ABE6-05F1-49ed-B850-E423120EC338}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{84920E5F-3788-49cd-A274-E365578DF174}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{EE60714F-AC17-427e-861A-FD60CBDF119A}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}
-
-------------------映像劫持----------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetApp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DefWatch.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FWMon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McAgent.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVIDEoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qFinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMON.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmond.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
-
-------------------各个盘的autorun.inf----------------------------
------D盘的autorun.inf内容:-------
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
------E盘的autorun.inf内容:-------
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
------F盘的autorun.inf内容:-------
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe

我也来说两句 查看全部回复

最新回复

  • 辉少 (2007-12-11 11:54:14)

    90691.exe 应该不是什么好东西,我没见过的
    ylive.exe是雅虎助手吧?
    你先在进程那终结掉,再根据他们的路径把那个文件删除
    要是删除不了的话可以PowerRMV.rar 用强行删除

    启动项中的CnsM.dll ,helper.dll ,remotecontrol
    swg,PictureShow,uq1o,crbi 都要删掉的
    你进入注册表那全部删除就可以了

    另外你中了autorun
    用 sxs专杀 和  AUTORUN病毒专杀免疫工具 就可以搞定了

    上述工具在这里可以找到
    http://bbs.aihaozhe.net/thread-16611-1-1.html

    处理完你觉得有事再和我说吧
查看全部回复 我也来说两句