bookbj - 2005-8-23 10:00:00
自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
SysExplr = C:\Herosoft\HeroV8\SYSEXPLR.EXE
SoundMax = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
dl_accel = C:\Program Files\3721\Dlaccel\YDownloader.exe
RfwMain = "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
thunder_mini = C:\Program Files\Sandai\ThunderMini\ThunderMini.exe
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
YDTMain.exe = C:\PROGRA~1\ydt\YDTMain.exe
advapi32 = RUNDLL32 C:\WINDOWS\Downlo~1\_IS_0518\_IS_ISC.DLL,isc
HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\RunOnce
RavStub = "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll =
shell32.dll =
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = %SystemRoot%\system32\webcheck.dll
SysTray = C:\WINDOWS\system32\stobject.dll
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\system32\browseui.dll= Browseui 预加载程序
%SystemRoot%\system32\browseui.dll= 组件类别缓存程序
SYSTEM.INI BOOT SHELL Explorer.exe
其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> 0
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> 0
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> C:\WINDOWS\system32\userinit.exe,
WININIT.INI
[RENAME]
NUL=
NUL=
Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
进程列表
[System Process]
System
C:\WINDOWS\system32\LEXBCES.EXE (Made by Lexmark International, Inc.)
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sandai\ThunderMini\ThunderMini.exe (Made by 深圳市三代科技开发有限公司)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rising\rav\RavMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
F:\RavDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
进程详细信息
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\xunleibho_v6.dll
8A|F9~
tkVWSS
addallurl
sendurl
--------------------------------------------------
--------------------------
---------------------------
Cookie
---------------------------
------------------------------
CCatchRightClick Create
thunder://
Software\Sandai Technologies Inc.\Thunder\Paramete
ThunderOemArray
Software\Sandai Technologies Inc.\ThunderOem
IsMiniVer
[yufeng]-------------------
----------------
-----------------
----------------
IsInvalid
UseDlaccel
Software\Sandai Technologies Inc.\ThunderOem\
Software\3721
yahoo_mini
mmst://
mms://
https://
http://
ftp://
Config_Monitor
IESuffixs
.asf;.avi;.exe;.iso;.mp3;.mpeg;.mpga;.ra;.rar;.rm;
thunder.ini
MonitoringIE
#32770
CallThunder
#*05#*
#*04#*
#*03#*
#*02#*
#*01#*
bho exit
ThunderCatchRight Class
ThunderIEHelper Class
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Xunleibho.CatchRightClick.1
CLSID\%s
Xunleibho.CatchRightClick.1\CLSID
\ProgID
CLSID\
Apartment
ThreadingModel
CLSID\%s\InprocServer32
.?AV_com_error@@
.?AVtype_info@@
C:\WINDOWS\Downlo~1\_IS_0518\_IS_WEBH.dll
t(SSSj
t!WWWh
9l$ t*
SSSShd
90u29p
uRFGHt
"WWSh0
HHtpHHtl
Y95`;|
YYF;5`;|
btHHt.
YYF;5`;|
_9=\'|
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
t.;t$$t(
VC20XC00U
_9=`;|
G;=`;|
QQSUVWj
_^][YY
VWuBh@
PPPPPPPP
PPPPPPPP
Encode
SearchKey
SiteName
MonitorSite
Local\51a5e4aa-c30e-4c42-b4f4-3c2389c1d1d5
Local\a5ae79c6-1e05-4c9f-a078-b36e0da61878
Local\3c463f16-c1c7-444e-b9ce-cf6f295b943c
Local\d11d1070-7e68-437d-8e44-3b7420c6dc12
Local\745ba167-eb90-41ff-acdd-a93fb6e96f1f
Local\ec6a11e3-e817-4738-8724-2bb76d64ab44
Local\90d1ed62-8636-4135-b666-07b178599b72
Local\72fbb74c-e96d-4f13-8c1b-20c6d87555f4
Local\fbda5e40-1294-4dee-bd61-8ca14be346b1
{448332E8-BC90-4f80-AA00-6FC89A2854BF}
_IS_Site.ini
CONFIG
ADRePlay
WebADURL
WebAD_Index
WebAD_URL
URL_Index
KW_Index
KeyWord
_IS_KWRD.ini
{1CC08B2F-AFF1-11D9-9651-0003FF7E92CE}
_IS_BESYS_MAINDLG
http://
MenuBar
ReBarWindow32
Afx:400000:0:10011:110005c:0
BaseBar
MyIE2AD
MySiteBar
ADFlag
AfxADControlBar
MessageBoxA
ExitThread
DeleteFileA
CopyFileA
Global\{B8E454EF-A74C-41ec-8471-2C3538C561BC}
Global\_IS_SHAREDMEM
user32.dll
kernel32.dll
gb2312
ttraveler.exe
iexplore.exe
maxthon.exe
explorer.exe
_IS_UPD.DLL
http://liveupdate.myim.cn/liveupdate/myimlite
%s.imd
MYIM_DOWNLOAD
proc_for_ie
_IS_LOIE.dll
InprocServer32
CLSID\{1272F701-349D-4DB3-BBCD-10CBDCD049FE}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
regsvr32.exe
UnInstall
FNo configration so far
Thanks
C:\WINDOWS\Downlo~1\_IS_0518
_IS_WEBH.dll
C:\Program Files\Internet Explorer\IEXPLORE.EXE
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
((((((((((((((((((((((((((
http://
rfile://%s/%s
_IS_InAD
Main(%d,"%s")
javascript
afterBegin
AD