
给偶看看~~!

----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             460 \SystemRoot\System32\smss.exe
csrss.exe            524 C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe         548 winlogon.exe
services.exe         592 C:\windows\system32\services.exe
lsass.exe            604 C:\windows\system32\lsass.exe
svchost.exe          760 C:\windows\system32\svchost -k DcomLaunch
svchost.exe          820 C:\windows\system32\svchost -k rpcss
CCenter.exe          900 "C:\Program Files\Rising\Rav\CCenter.exe"
svchost.exe          916 C:\windows\System32\svchost.exe -k NETsvcs
svchost.exe          952 C:\windows\system32\svchost.exe -k NetworkService
svchost.exe          976 C:\windows\system32\svchost.exe -k LocalService
Ravmond.exe         1028 "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"
rfwsrv.exe          1104 "c:\program files\rising\rfw\rfwsrv.exe"
Explorer.EXE        1416 C:\windows\Explorer.EXE
rfwstub.exe         1420 "rfwstub.exe" -rfwsrv
rfwproxy.exe        1500 "c:\program files\rising\rfw\rfwproxy.exe"
RavStub.exe         1696 "C:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND=1022
RfwMain.exe         1736  -StartUp
spoolsv.exe         1800 C:\windows\system32\spoolsv.exe
RavTask.exe         2040 "C:\Program Files\Rising\Rav\RavTask.exe" -system
Ravmon.exe           288 "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
jfCacheMgr.exe       988 "D:\Program Files\ppfilm\jfCacheMgr.exe"
ctfmon.exe          1212 "C:\windows\system32\ctfmon.exe"
eEBSVC.exe          2168 "C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe"
alg.exe             2484 C:\windows\System32\alg.exe
ShadowService.exe     2696 C:\WINDOWS\system32\shadow\ShadowService.exe
wuauclt.exe         3612 "C:\windows\system32\wuauclt.exe" /RunStoreAsComServer Local\[394]SUSDS8cae752fcc88ab46b49c2b58acfe06f8
辉少查毒.EXE        2652 "C:\Documents and Settings\Administrator\桌面\新建文件夹\辉少查毒.EXE"
cmd.exe             2684 cmd.exe /c C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bt2327.bat
辉少查毒.com        2752 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RavTask REG_SZ "C:\Program Files\Rising\Rav\RavTask.exe" -system
    IMSCMig REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    jfproc REG_SZ D:\Program Files\ppfilm\jfCacheMgr.exe
    HIDEDragon REG_SZ F:\郭锐\HideDragon290\HideDragon290\HideDragon\HideDragon.exe
    RunShadowTip REG_SZ C:\WINDOWS\system32\shadow\ShadowTip.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe REG_SZ C:\windows\system32\ctfmon.exe
    MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    PhDesktop REG_SZ D:\Program Files\Oray\PeanutHull5\PhDesktop.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    MSDEG32 REG_SZ LYLoader.exe
    MSDWG32 REG_SZ LYLoadbr.exe
    MSDCG32     REG_SZ LYLeador.exe
    MSDOG32 REG_SZ LYLoador.exe
    MSDSG32 REG_SZ LYLoadar.exe
    MSDHG32 REG_SZ LYLoadhr.exe
    MSDQG32 REG_SZ LYLoadqr.exe
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {32CD708B-60A7-4C00-9377-D73EAA495F0F} REG_SZ Rising Execute File Exts hook
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui 预加载器
    {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ 组件类别
-
-------------------IE加载项----------------------------
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
    {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} REG_SZ
    {78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23} REG_SZ coolbar
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{7A37C212-F116-423D-8152-8340DD8C1848}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\RsAutorunsDisabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{06926B30-424E-4f1c-8EE3-543CD96573DC}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
-
-------------------映像劫持----------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qFinder.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
127.0.0.1       localhost
127.0.0.1     locator.metadata.windowsmedia.com
127.0.0.1     onlinestore.smgbb.cn
-
-------------------各个盘的autorun.inf----------------------------
运行 msconfig → 启动，把 jfcachemgr.exe 前面的勾去掉；
运行 regedit → 编辑 → 查找 jfcachemgr.exe，直接将搜索出来的键值删除；
下面这些启动项也要进入注册表删除：
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IMSCMig REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    jfproc REG_SZ D:\Program Files\ppfilm\jfCacheMgr.exe
    HideDragon REG_SZ F:\郭锐\HideDragon290\HideDragon290\HideDragon\HideDragon.exe
    RunShadowTip REG_SZ C:\WINDOWS\system32\shadow\ShadowTip.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    PhDesktop REG_SZ D:\Program Files\Oray\PeanutHull5\PhDesktop.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RsAutorunsDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    MSDEG32 REG_SZ LYLoader.exe
    MSDWG32 REG_SZ LYLoadbr.exe
    MSDCG32     REG_SZ LYLeador.exe
    MSDOG32 REG_SZ LYLoador.exe
    MSDSG32 REG_SZ LYLoadar.exe
    MSDHG32 REG_SZ LYLoadhr.exe
    MSDQG32 REG_SZ LYLoadqr.exe
用我这两个东西清理下插件
http://bbs.aihaozhe.net/thread-16612-1-1.html

有问题可以继续反馈
好的`!~!`谢了辉少~~!
~     我先清理下机子`~!~
ddddddd
请LS的不要灌水
杀毒就可以了