
我的查杀,谢了

帮忙看看,谢了

辉少查毒.EXE
(2007-12-15 15:13:08, Size: 177 KB, Downloads: 0)



最新回复

  • lmq3384 (2007-12-15 15:15:30)

    粗心,点错,重发

                  
    ----------------进程及其启动命令--------------
      PROCESS            PID COMMAND LINE
    smss.exe             440 \SystemRoot\System32\smss.exe
    csrss.exe            496 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe         520 winlogon.exe
    services.exe         564 C:\WINDOWS\system32\services.exe
    lsass.exe            576 C:\WINDOWS\system32\lsass.exe
    svchost.exe          724 C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe          784 C:\WINDOWS\system32\svchost -k rpcss
    CCenter.exe          848 "C:\Program Files\Rising\Rav\CCenter.exe"
    svchost.exe          880 C:\WINDOWS\System32\svchost.exe -k NETsvcs
    svchost.exe          964 C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe         1008 C:\WINDOWS\system32\svchost.exe -k LocalService
    Ravmond.exe         1056 "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"
    rfwsrv.exe          1088 "c:\program files\rising\rfw\rfwsrv.exe"
    RavStub.exe         1288 "C:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND=1023
    rfwproxy.exe        1296 "c:\program files\rising\rfw\rfwproxy.exe"
    rfwstub.exe         1584 "rfwstub.exe" -rfwsrv
    spoolsv.exe         1736 C:\WINDOWS\system32\spoolsv.exe
    LSSrvc.exe          1828 "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    nvsvc32.exe         1896 C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe         1940 C:\WINDOWS\system32\svchost.exe -k imgsvc
    wdfmgr.exe          1968 C:\WINDOWS\system32\wdfmgr.exe
    alg.exe              468 C:\WINDOWS\System32\alg.exe
    RfwMain.exe         2156  -StartUp
    RavMon.exe          2164 C:\PROGRAM FILES\RISING\RAV\RavMon.exe -SYSTEM
    RavTask.exe         2432 "C:\Program Files\Rising\Rav\RavTask.exe" -system
    360Tray.exe         2452 "D:\360safe\safemon\360Tray.exe" /start
    ctfmon.exe          2472 "C:\WINDOWS\system32\ctfmon.exe"
    TIMPlatform.exe     3100 D:\qq\TMDlls\TIMPlatform.exe -Embedding
    iexplore.exe        3980 "C:\Program Files\Internet Explorer\iexplore.exe"
    WLLoginProxy.exe     2032 "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe" -Embedding
    explorer.exe        3992 C:\WINDOWS\explorer.exe
    Thunder5.exe        1732 "D:\Thunder\Program\Thunder5.exe" /4cf1a28a /q
    辉少查毒.EXE        3660 "C:\Documents and Settings\lvmingqiang\桌面\辉少查毒.EXE"
    conime.exe          2120 C:\WINDOWS\system32\conime.exe
    cmd.exe             3964 cmd.exe /c C:\DOCUME~1\LVMING~1\LOCALS~1\Temp\bt4053.bat
    辉少查毒.com        3844 "辉少查毒.com" -l
    -
    -------------------注册表启动项-------------------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        RavTask        REG_SZ        "C:\Program Files\Rising\Rav\RavTask.exe" -system
        NvCplDaemon        REG_SZ        RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        360Safetray        REG_SZ        D:\360safe\safemon\360Tray.exe /start

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Disabled

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\360Disabled

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        ctfmon.exe        REG_SZ        C:\WINDOWS\system32\ctfmon.exe

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\360Disabled

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RsAutorunsDisabled
    -
    -------------------引导执行----------------------------
    -
    -------------------初始程序----------------------------
    -
    -------------------资源管理器加载项---------------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
        {32CD708B-60A7-4C00-9377-D73EAA495F0F}        REG_SZ        Rising Execute File Exts hook
        {D7B21266-AA85-44b8-B516-3B1A69827400}        REG_SZ       

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
        PostBootReminder        REG_SZ        {7849596a-48ea-486e-8937-a2a3009f31a9}
        CDBurn        REG_SZ        {fbeb8a05-beee-4442-804e-409d6c4515e9}
        WebCheck        REG_SZ        {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
        SysTray        REG_SZ        {35CEC8A3-2BE6-11D2-8773-92E220524153}
        UPnPMonitor        REG_SZ        {e57ce738-33e8-4c51-8354-bb4de9d215d1}

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
        {438755C2-A8BA-11D1-B96B-00A0C90312E1}        REG_SZ        Browseui 预加?
        {8C7461EF-2B13-11d2-BE35-3078302C2030}        REG_SZ        组件类别
    -
    -------------------IE加载项----------------------------

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
        {CFBFAE00-17A6-11D0-99CB-00C04FD64497}        REG_SZ       

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    -
    -------------------映像劫持----------------------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVIDEoFX.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qFinder.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
    -
    -------------------HOSTS文件内容----------------------------
    -
    -------------------各个盘的autorun.inf----------------------------
  • 辉少 (2007-12-15 15:44:44)

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RsAutorunsDisabled
    这两项是自动运行的
    办法1:在“运行”中输入 msconfig,在“启动”选项卡里把这个项目设置成禁用
    办法2:在“运行”中输入 regedit,在注册表的自动运行项(*Run)下把相应的运行项目删掉
    (日志里只列出了这两个子键的名字,没有列出里面的值;动手之前先在 regedit 里看清楚里面有什么,并把该项导出备份)
    这个是Adobe公司的一个色彩管理程序,估计你的电脑也装了PS了吧?你要是不喜欢这个的话,可以把这个文件夹删除了,路径如下:X:\Documents and Settings\All Users\「开始」菜单\程序\启动。记得先打开系统的“显示隐藏文件”选项,否则看不到这个文件夹


    1.jpg



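    其他的没什么事:日志里 HOSTS 文件内容和各个盘的 autorun.inf 两段都是空的,注册表启动项里也只有瑞星、NVIDIA、360 和 ctfmon 这几项;映像劫持一段只列出了子键名,其中没有杀毒软件的进程名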

    你觉得有问题的话
    上来说一声就可以了
    谢谢你的到来