瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 瑞星隔离系统里有上百个毒 瑞星却杀不了怎么办啊

1   1  /  1  页   跳转

瑞星隔离系统里有上百个毒 瑞星却杀不了怎么办啊

收藏
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 19:10 | 只看楼主 短消息 资料
字号: 1楼

瑞星隔离系统里有上百个毒 瑞星却杀不了怎么办啊

自从中熊猫后我的机子明显容易中毒

    隔离区都快满拉    瑞星杀不了怎么办啊

    瑞星听诊器也没发现什么问题    我快疯拉
最后编辑2007-01-19 19:53:01
分享到:
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 19:12 | 只看楼主 短消息 资料
字号: 2楼

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
E:\RISING\RAV\RAVSCRCH.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LCROU.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\IGFXPPH.DLL
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
E:\RISING\RAV\RSCOMMON.DLL

C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\GWAJR.DLL

C:\WINDOWS\SYSTEM32\NTFIS.EXE
D:\PROE\FLEXLM\I486_NT\OBJ\LMGRD.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CMICNFG.CPL
C:\WINDOWS\SYSTEM32\UDAPROP.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXRESS.DLL

C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXHK.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL

D:\杀毒\专杀\RSDETECT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\MHS2.EXE
C:\WINDOWS\SYSTEMT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL

D:\PROE\FLEXLM\I486_NT\OBJ\PTC_D.EXE
C:\WINDOWS\RXS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\WLS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
Cmaudio = RUNDLL32 CMICNFG.CPL,CMICTRLWND
IgfxTray = C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
HotKeysCmds = C:\WINDOWS\SYSTEM32\HKCMD.EXE
RavTask = "E:\RISING\RAV\RAVTASK.EXE" -SYSTEM
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
mytsf = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\CSRSS.EXE
mhs2 = C:\WINDOWS\MHS2.EXE
NiceMt = C:\WINDOWS\SYSTEMT.EXE
rxs3 = C:\WINDOWS\RXS3.EXE
wls3 = C:\WINDOWS\WLS3.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "E:\RISING\RAV\RAVSTUB.EXE" /RUNONCE
KKDelay = D:\杀毒\专杀\新建文件夹\RUNONCE.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 19:12 | 只看楼主 短消息 资料
字号: 3楼

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
E:\RISING\RAV\RAVSCRCH.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LCROU.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\IGFXPPH.DLL
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
E:\RISING\RAV\RSCOMMON.DLL

C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\GWAJR.DLL

C:\WINDOWS\SYSTEM32\NTFIS.EXE
D:\PROE\FLEXLM\I486_NT\OBJ\LMGRD.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CMICNFG.CPL
C:\WINDOWS\SYSTEM32\UDAPROP.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXRESS.DLL

C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXHK.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL

D:\杀毒\专杀\RSDETECT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\MHS2.EXE
C:\WINDOWS\SYSTEMT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL

D:\PROE\FLEXLM\I486_NT\OBJ\PTC_D.EXE
C:\WINDOWS\RXS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\WLS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
Cmaudio = RUNDLL32 CMICNFG.CPL,CMICTRLWND
IgfxTray = C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
HotKeysCmds = C:\WINDOWS\SYSTEM32\HKCMD.EXE
RavTask = "E:\RISING\RAV\RAVTASK.EXE" -SYSTEM
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
mytsf = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\CSRSS.EXE
mhs2 = C:\WINDOWS\MHS2.EXE
NiceMt = C:\WINDOWS\SYSTEMT.EXE
rxs3 = C:\WINDOWS\RXS3.EXE
wls3 = C:\WINDOWS\WLS3.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "E:\RISING\RAV\RAVSTUB.EXE" /RUNONCE
KKDelay = D:\杀毒\专杀\新建文件夹\RUNONCE.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 19:13 | 只看楼主 短消息 资料
字号: 4楼

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
E:\RISING\RAV\RAVSCRCH.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LCROU.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\IGFXPPH.DLL
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
E:\RISING\RAV\RSCOMMON.DLL

C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\GWAJR.DLL

C:\WINDOWS\SYSTEM32\NTFIS.EXE
D:\PROE\FLEXLM\I486_NT\OBJ\LMGRD.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CMICNFG.CPL
C:\WINDOWS\SYSTEM32\UDAPROP.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXRESS.DLL

C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXHK.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL

D:\杀毒\专杀\RSDETECT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\MHS2.EXE
C:\WINDOWS\SYSTEMT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSTEMT0.DLL

D:\PROE\FLEXLM\I486_NT\OBJ\PTC_D.EXE
C:\WINDOWS\RXS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RXS0.DLL

C:\WINDOWS\WLS3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WLS0.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
Cmaudio = RUNDLL32 CMICNFG.CPL,CMICTRLWND
IgfxTray = C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
HotKeysCmds = C:\WINDOWS\SYSTEM32\HKCMD.EXE
RavTask = "E:\RISING\RAV\RAVTASK.EXE" -SYSTEM
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
mytsf = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\CSRSS.EXE
mhs2 = C:\WINDOWS\MHS2.EXE
NiceMt = C:\WINDOWS\SYSTEMT.EXE
rxs3 = C:\WINDOWS\RXS3.EXE
wls3 = C:\WINDOWS\WLS3.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "E:\RISING\RAV\RAVSTUB.EXE" /RUNONCE
KKDelay = D:\杀毒\专杀\新建文件夹\RUNONCE.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F784E4E2-2E04-4BAD-954F-C6E05988A28D}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F89D63F-17E9-4306-BC4B-0263AE9CCA1D}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AF3E2EB-8998-463D-B8CF-94AEC77AB819}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
gototop
 
水树雨下
头像
横据古稀狮
  • 帖子:8397
  • 注册: 2006-07-26
  • 来自:
发表于: 2007-01-19 19:15 | 短消息 资料
字号: 5楼

mizuki.ys168.com下载sreng2,关闭不必要的程序后扫个日志上来,一次贴不完分段贴,不要修改
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 20:00 | 只看楼主 短消息 资料
字号: 6楼

<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[ncio / ncio][Running/Auto Start]
  <system32\DRIVERS\ncio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 20:01 | 只看楼主 短消息 资料
字号: 7楼

<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[ncio / ncio][Running/Auto Start]
  <system32\DRIVERS\ncio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 20:01 | 只看楼主 短消息 资料
字号: 8楼

<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[ncio / ncio][Running/Auto Start]
  <system32\DRIVERS\ncio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
gototop
 
kkhrtytyrt
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2007-01-14
  • 来自:
发表于: 2007-01-19 20:02 | 只看楼主 短消息 资料
字号: 9楼

<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[ncio / ncio][Running/Auto Start]
  <system32\DRIVERS\ncio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT