返回列表 回复 发帖
潮海

幼儿园

Rank: 1

UID
109905 
帖子
积分
43 
威望
2 点 
A币
20 元 
阅读权限
10 
最后登录
2008-1-6 
1#
打印
tT
发表于 2007-12-31 15:46 | 只看该作者

辉少看看我的电脑

电脑, exe, ServerDll, PROCESS, Windows
2007-12-31 星期一,15:38:07.57
              
----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             504 \SystemRoot\System32\smss.exe
csrss.exe            568 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe         592 winlogon.exe
services.exe         636 C:\WINDOWS\system32\services.exe
lsass.exe            648 C:\WINDOWS\system32\lsass.exe
svchost.exe          800 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe          848 C:\WINDOWS\system32\svchost -k rpcss
svchost.exe          936 C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe         1044 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe         1100 C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe         1220 C:\WINDOWS\system32\spoolsv.exe
AdskScSrv.exe       1448 "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
avp.exe             1492 "D:\Kaspersky Internet Security 6.0\avp.exe" -r
Explorer.EXE        1536 C:\WINDOWS\Explorer.EXE
nvsvc32.exe         1628 C:\WINDOWS\system32\nvsvc32.exe
alg.exe              908 C:\WINDOWS\System32\alg.exe
avp.exe             1796 "D:\Kaspersky Internet Security 6.0\avp.exe"
ctfmon.exe          1416 "C:\WINDOWS\system32\ctfmon.exe"
conime.exe          2596 C:\WINDOWS\system32\conime.exe
firefox.exe         1112 "C:\Program Files\Mozilla Firefox\firefox.exe"
Thunder5.exe        2568 "D:\Thunder\Program\Thunder5.exe" /ca2127f7
辉少查毒.exe         776 "G:\我的软件\辉少查毒.exe"
cmd.exe             2264 cmd.exe /c C:\DOCUME~1\GAMJ\LOCALS~1\Temp\bt8527.bat
辉少查毒.com        1380 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon        REG_SZ        RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    kis        REG_SZ        "D:\Kaspersky Internet Security 6.0\avp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe        REG_SZ        C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}        REG_SZ       
    {1D908534-AD45-920F-AC89-4024FA9D26D1}        REG_SZ        gjfhayc.dll
    {1D098345-9012-8750-8910-9128098134D1}        REG_SZ        jsqxayc.dll

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck        REG_SZ        {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray        REG_SZ        {35CEC8A3-2BE6-11D2-8773-92E220524153}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}        REG_SZ        Browseui 预加?
    {8C7461EF-2B13-11d2-BE35-3078302C2030}        REG_SZ        组件类别
-
-------------------IE加载项----------------------------

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}        REG_SZ       

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
-
-------------------映像劫持----------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------

-
-------------------各个盘的autorun.inf----------------------------
收藏 分享 评分
回复 引用

订阅 TOP

潮海

幼儿园

Rank: 1

UID
109905 
帖子
积分
43 
威望
2 点 
A币
20 元 
阅读权限
10 
最后登录
2008-1-6 
2#
发表于 2007-12-31 15:48 | 只看该作者
这样真的查的出来吗???
很多的电脑杀毒软件都没有查的出来呀!
不过还是谢谢你呀!!
帮我看一下呀。
回复 引用

TOP

辉少

超级版主

Rank: 8Rank: 8

UID
78719 
帖子
1463 
积分
14755 
威望
195 点 
A币
2983 元 
阅读权限
200 
最后登录
2008-11-21 

终身成就勋章金点子勋章突出贡献勋章
3#
发表于 2007-12-31 19:08 | 只看该作者
进入任务表在下面这个位置HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
删掉下面这两个
{1D908534-AD45-920F-AC89-4024FA9D26D1}        REG_SZ        gjfhayc.dll
{1D098345-9012-8750-8910-9128098134D1}        REG_SZ        jsqxayc.dll
再用Sreng修复一下,这个软件会用不?
用冰刃或XDELBOX删掉下面这两个
C:\WINDOWS\system32\gjfhayc.dll
C:\WINDOWS\system32\jsqxayc.dll
再用AV专杀在安全模式下杀一遍
最后用金山清理专家清理一遍
你看看行不行罗
呵呵
这个不一定行的
我尽力而为啦
新来的朋友们请看论坛的基本知识,不明白的请PM我
帮你查病毒
论坛使用必读
积分策略说明
负分的会员注意!!!如何赚取积分?
回复 引用

TOP

辉少

超级版主

Rank: 8Rank: 8

UID
78719 
帖子
1463 
积分
14755 
威望
195 点 
A币
2983 元 
阅读权限
200 
最后登录
2008-11-21 

终身成就勋章金点子勋章突出贡献勋章
4#
发表于 2007-12-31 20:20 | 只看该作者
上面用到的几个软件如下
新来的朋友们请看论坛的基本知识,不明白的请PM我
帮你查病毒
论坛使用必读
积分策略说明
负分的会员注意!!!如何赚取积分?
回复 引用

TOP

返回列表