yhming - 2006-3-13 22:19:00
自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WinampAgent = rem "C:\Program Files\Winamp\Winampa.exe"
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
yahoo_mini = C:\Program Files\3721\Dlaccel\YDownloader.exe
YLive.exe = C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
yassistse = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = C:\WINDOWS\System32\ctfmon.exe
shell32.dll = C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\RavExt.dll= Rising Execute File Exts hook
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\System32\webcheck.dll
SysTray = C:\WINDOWS\System32\stobject.dll
DLMon = C:\WINDOWS\System32\DLMain.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\System32\browseui.dll= Browseui 预加载程序
%SystemRoot%\System32\browseui.dll= 组件类别缓存程序
SYSTEM.INI BOOT SHELL Explorer.exe
SYSTEM.INI BOOT SCRNSAVE.EXE C:\WINDOWS\System32\logon.scr
其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search searchassistant ----> http://seek.yisou.com/srchasst.htm
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search CustomizeSearch ----> http://seek.yisou.com/srchcust.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> yao
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> yao
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> KB3999521.LOG
Hosts
127.0.0.1 localhost
进程列表
[System Process]
System
CCenter.exe
RavMonD.exe
RFWSRV.EXE
RavStub.exe
RfwMain.exe
atiptaxx.exe (Made by ATI Technologies, Inc.)
SOUNDMAN.EXE (Made by Realtek Semiconductor Corp.)
realsched.exe
YDownloader.exe
YLIVE.EXE
RavTask.exe
RavMon.exe
AdskScSrv.exe
CDAC11BA.EXE
DHCORE.EXE
IEXPLORE.EXE
IEXPLORE.EXE
SMSS.EXE
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
EXPLORER.EXE
rundll32.exe
CTFMON.EXE
ALG.EXE
rundll32.exe
wdfmgr.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
rundll32.exe
RavDetect.exe
进程详细信息
rundll32.exe
C:\WINDOWS\KB3999521.LOG
C:\WINDOWS\SYSTEM32\stdup.dll
C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll
IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll (made by Yahoo)
C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll
C:\WINDOWS\System32\AcSignIcon.dll (made by Autodesk)
C:\WINDOWS\System32\xunleibho_v3.dll
C:\WINDOWS\System32\wint\wint.dll
rundll32.exe
C:\WINDOWS\system32\STDSVER.DLL
CDAC11BA.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE (made by Macrovision)
AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (made by Autodesk, Inc.)
RavMon.exe
C:\WINDOWS\TEMP\84.dll
SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE (made by Realtek Semiconductor Corp.)
EXPLORER.EXE
C:\Program Files\WinRAR\rarext.dll