初中生

Rank: 3 Rank: 3

UID: 107284
帖子: 65
积分: 281
威望: 1 点
A币: 57 元
阅读权限: 20
最后登录: 2008-10-27

1^#

打印

字体大小: tT

发表于 2007-12-22 13:40 | 只看该作者

麻烦您了版主

版主, 麻烦

这两天网速特慢，而且经常要修复过IE才能上网，不知是什么情况，麻烦看一下，谢谢了

----------------进程及其启动命令--------------
  PROCESS          PID COMMAND LINE
smss.exe          892 \SystemRoot\System32\smss.exe
csrss.exe          964 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe       1000 winlogon.exe
services.exe       1044 C:\WINDOWS\system32\services.exe
lsass.exe          1056 C:\WINDOWS\system32\lsass.exe
svchost.exe       1216 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe       1276 C:\WINDOWS\system32\svchost -k rpcss
CCenter.exe       1392 "D:\Rav\CCenter.exe"
svchost.exe       1408 C:\WINDOWS\System32\svchost.exe -k NETsvcs
svchost.exe       1512 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe       1608 C:\WINDOWS\system32\svchost.exe -k LocalService
Ravmond.exe       1636 "D:\RAV\Ravmond.exe"
rfwsrv.exe       1732 d:\rising\rfw\rfwsrv.exe
rfwproxy.exe       1800 d:\rising\rfw\rfwproxy.exe
rfwstub.exe       152 "rfwstub.exe" -rfwsrv
RavStub.exe       592 D:\RAV\RavStub.exe /RAVMOND=1023
spoolsv.exe       656 C:\WINDOWS\system32\spoolsv.exe
RfwMain.exe       776  -StartUp
stormliv.exe       944 D:\StormII\stormliv.exe /asservice
apache.exe          976 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
nSvcIp.exe       1104 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"
nSvcLog.exe       1540 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"
nvsvc32.exe       1744 C:\WINDOWS\system32\nvsvc32.exe
svchost.exe       1880 C:\WINDOWS\system32\svchost.exe -k imgsvc
nSvcAppFlt.exe    2124 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"
apache.exe       2260 "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -d "C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2" -D SSL
alg.exe          3432 C:\WINDOWS\System32\alg.exe
RavMon.exe       3608 "D:\Rav\RavMon.exe"
ctfmon.exe       3660 "C:\WINDOWS\system32\ctfmon.exe"
client.exe       2100 "C:\Program Files\pubinfo\client.exe"
conime.exe       3376 C:\WINDOWS\system32\conime.exe
Maxthon.exe       1828 "D:\Maxthon\Maxthon.exe"
explorer.exe       3968 "C:\WINDOWS\explorer.exe"
wmiprvse.exe       3884 C:\WINDOWS\system32\wbem\wmiprvse.exe
辉少查毒.EXE       756 "D:\程序包\辉少查毒\辉少查毒.EXE"
cmd.exe          4044 cmd.exe /c C:\DOCUME~1\ADMINI~1.256\LOCALS~1\Temp\bt7217.bat
辉少查毒.com       3956 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RavMon.exe REG_SZ D:\Rav\RavMon.exe
RfwMain REG_SZ "D:\Rising\Rfw\rfwmain.exe" -Startup
runeip REG_SZ "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F} REG_SZ Rising Execute File Exts hook
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
-
-------------------IE加载项----------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
-
-------------------映像劫持----------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVIDEoFX.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qFinder.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
127.0.0.1                   about-blank.cc
127.0.0.1                   hao.allxun.com
127.0.0.1                   kzxf.com
127.0.0.1                   vod.mmdy.org
127.0.0.1                   www.123wa.com
127.0.0.1                   www.4199.com
127.0.0.1                   www.71791.com
127.0.0.1                   www.7939.com
127.0.0.1                   www.9505.com
127.0.0.1                   www.feixue.net
127.0.0.1                   www.kzxf.com
127.0.0.1                   www.my123.com
127.0.0.1                   www.piaoxue.com
127.0.0.1                   www.xfkz.com
127.0.0.1                   xfkz.com
-
-------------------各个盘的autorun.inf----------------------------

本主题由辉少于 2007-12-26 19:29 分类

收藏分享评分

回复引用

订阅 TOP

辉少

超级版主

Rank: 8 Rank: 8

UID: 78719
帖子: 1463
积分: 14755
威望: 195 点
A币: 2983 元
阅读权限: 200
最后登录: 2008-11-21

终身成就勋章金点子勋章突出贡献勋章

2^#

发表于 2007-12-22 14:07 | 只看该作者

都是平常的呀
你平时觉得有什么问题呢?
慢的话你打开任务管理器看看
是那个进程的CPU使用率高就可以啦
再从那个进程入手找问题

新来的朋友们请看论坛的基本知识，不明白的请ＰＭ我
帮你查病毒
论坛使用必读
积分策略说明
负分的会员注意!!!如何赚取积分?

回复引用

TOP

tigerak47

初中生

Rank: 3 Rank: 3

UID: 107284
帖子: 65
积分: 281
威望: 1 点
A币: 57 元
阅读权限: 20
最后登录: 2008-10-27

3^#

发表于 2007-12-22 18:33 | 只看该作者

谢谢，我再从其他地方找问题

回复引用

TOP

辉少

超级版主

Rank: 8 Rank: 8

UID: 78719
帖子: 1463
积分: 14755
威望: 195 点
A币: 2983 元
阅读权限: 200
最后登录: 2008-11-21

终身成就勋章金点子勋章突出贡献勋章

4^#

发表于 2007-12-24 01:42 | 只看该作者

觉得有什么问题可以回来说说
大家一起讨论下

新来的朋友们请看论坛的基本知识，不明白的请ＰＭ我
帮你查病毒
论坛使用必读
积分策略说明
负分的会员注意!!!如何赚取积分?

回复引用

TOP

lfspecter

VIP会员

Rank: 7 Rank: 7 Rank: 7

UID: 38456
帖子: 696
积分: 14300
威望: 164 点
A币: 6371 元
阅读权限: 150
最后登录: 2008-11-12

宣传大使勋章在线持久勋章积极分子勋章

5^#

发表于 2007-12-24 07:23 | 只看该作者

conime.exe 3376 C:\WINDOWS\system32\conime.exe

conime.exe是BFGhost 1.0远程控制后门程序的一部分。这个后门程序能够运行攻击者访问你的计算机，窃取密码和个人数据。这个进程的安全等级是建议立即进行删除。

http://www.officestudy.cn/club/?fromuid=1733

回复引用

TOP

tigerak47

初中生

Rank: 3 Rank: 3

UID: 107284
帖子: 65
积分: 281
威望: 1 点
A币: 57 元
阅读权限: 20
最后登录: 2008-10-27

6^#

发表于 2007-12-24 23:24 | 只看该作者

原帖由 lfspecter 于 2007-12-24 07:23 发表
conime.exe 3376 C:\WINDOWS\system32\conime.exe

conime.exe是BFGhost 1.0远程控制后门程序的一部分。这个后门程序能够运行攻击者访问你的计算机，窃取密码和个人数据。这个进程的安全等级是建议立即进 ...

这个进程是正常的，开始就有，因为任务管理器里的进程都熟悉了，看到不认识的就会去查一查，谢谢了