Rising Kaka Security Forum
酷鼠 - 2006-6-9 13:00:00
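My machine is infected with the Backdoor.Gpigeon.uql virus. Rising said it was deleted successfully, and when I scanned again it really was gone, but the next day I found the virus again. What is the reason for this?
How can I remove it completely?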
独孤豪侠 - 2006-6-9 13:02:00
Look on the forum for posts by moderator baohe; many of them are about Gray Pigeon.
酷鼠 - 2006-6-9 13:03:00
Thanks, I've found a thread about the same thing, hehe.
yanmings - 2006-6-9 13:04:00
Scan and post a log. With Gray Pigeon you have to disable its service first.
yanmings - 2006-6-9 13:04:00
http://forum.ikaka.com/topic.asp?board=28&artid=6979213 Download the attachment from the first post there and scan with it.
酷鼠 - 2006-6-9 13:15:00
Oh. Thanks.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVCPL.DLL
+ nwiz C:\WINDOWS\system32\NWIZ.EXE
+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL
+ High Definition Audio Property Page Shortcut High Definition Audio Property Page Shortcut v1.0a Windows (R) Server 2003 DDK provider C:\WINDOWS\system32\HDASHCUT.EXE
+ SoundMAXPnP SMax4PNP Analog Devices, Inc. C:\PROGRAM FILES\ANALOG DEVICES\CORE\SMAX4PNP.EXE
+ SoundMAX Audio Control Panel Analog Devices, Inc. C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE
+ YLive.exe YLive C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
+ StormCodec_Helper D:\CUIHAO\STORM CODEC\STORMSET.EXE
+ yassistse AssistSetting Yahoo! C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE
+ BigDogPath Vimicro Vimicro C:\WINDOWS\VM_STI.EXE
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ 壁纸自动换.lnk C:\WINDOWS\SYSTEM32\BGSWITCH.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVSVC32.EXE
+ Rising Firewell Service C:\WINDOWS\SVCHOST.EXE
+ StdService MMS Standard Update Module MStdup Co Ltd. C:\WINDOWS\SYSTEM32\STDSVER.DLL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ a320raid Adaptec HostRAID for Ultra320 SCSI Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\A320RAID.SYS
+ AAC Adaptec RAID Miniport Driver Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\AAC.SYS
+ aar1210 Adaptec HostRAID for Serial ATA Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\AAR1210.SYS
+ ac97intc Intel(r) Integrated Controller Hub Audio Driver Intel Corporation C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS
+ ADIHdAudAddService High Definition Audio Function Driver(Release Candidate 1) Analog Devices, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ADIHDAUD.SYS
+ adpu320 Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ADPU320.SYS
+ AEAudioService Andrea Audio Noise Cancellation Driver Andrea Electronics Corporation C:\WINDOWS\SYSTEM32\DRIVERS\AEAUDIO.SYS
+ aec6210 ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6210.SYS
+ aec6260 ID=0006, 0007 ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6260.SYS
+ aec6280 AEC6280 Miniport Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6280.SYS
+ AEC6290 AEC6280 Miniport Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6290.SYS
+ AEC67160 AEC67160 PCI Ultra3 LVD/SE Adapter Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC67160.SYS
+ AEC671X AEC671X PCI Ultra/W SCSI3 Adapter Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC671X.SYS
+ AEC6880 AEC6880/90 PCI Ultra ATA133 RAID Adapter Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6880.SYS
+ AEC6890 AEC6880/90 PCI Ultra ATA133 RAID Adapter Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC6890.SYS
+ aec68x5 AEC6885/95/96 PCI ATA133 4 Channel RAID Adapter Driver ACARD Technology Corp. C:\WINDOWS\SYSTEM32\DRIVERS\AEC68X5.SYS
+ AliIde ALi mini IDE Driver Acer Laboratories Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS
+ arc Adaptec RAID Storport Driver Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ARC.SYS
+ asc AdvanSys SCSI Controller Driver Advanced System Products, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ASC
酷鼠 - 2006-6-9 13:44:00
+ asc3550 AdvanSys Ultra-Wide PCI SCSI Driver Advanced System Products, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS
+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS
+ CnsMinKP KMD Copyright (C) 3721 Corporation. C:\WINDOWS\SYSTEM32\DRIVERS\CNSMINKP.SYS
+ dac2w2k Mylex Disk Array Controller Driver Mylex Corporation C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS
+ elxstor Storport Miniport Driver for LightPulse HBAs Emulex C:\WINDOWS\SYSTEM32\DRIVERS\ELXSTOR.SYS
+ ExpScaner ExpScan.sys D:\CUIHAO\RISING\RAV\EXPSCAN.SYS
+ FASTSX Promise FastTRAK SX4/SX4000 Driver for WindowsXP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FASTSX.SYS
+ fasttrak Promise FastTrak Series Driver for WinXP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FASTTRAK.SYS
+ fasttx2k Promise Driver for Windows XP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FASTTX2K.SYS
+ fasttx2k2 Promise FastTrak Series Driver for WindowsXP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FASTTX2K2.SYS
+ FETND5BV NDIS 5.0 miniport driver VIA Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FETND5BV.SYS
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FETND5.SYS
+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\FETND5B.SYS
+ HdAudAddService High Definition Audio Function Driver v1.0a Windows (R) Server 2003 DDK provider C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDIO.SYS
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
+ HOOKAPI HOOKAPI Driver 瑞星软件有限公司 D:\CUIHAO\RISING\RAV\HOOKAPI.SYS
+ HookCont TDI HOOK Driver Rising tech Co. ltd D:\CUIHAO\RISING\RAV\HOOKCONT.SYS
+ HookReg D:\CUIHAO\RISING\RAV\HOOKREG.SYS
+ HookSys Hooksys Rising D:\CUIHAO\RISING\RAV\HOOKSYS.SYS
+ HpCISSs Smart Array 5x and 6x Controllers Storport Driver Hewlett-Packard Company C:\WINDOWS\SYSTEM32\DRIVERS\HPCISSS.SYS
+ HPT371 HPT3xx Miniport Driver HighPoint Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HPT371.SYS
+ hpt374 HPT374 Miniport Driver HighPoint Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HPT374.SYS
+ hpt3xx HPT3xx Miniport Driver HighPoint Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HPT3XX.SYS
+ hptmv hptmv Miniport Driver HighPoint Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HPTMV.SYS
+ hptpro Hptpro HighPoint Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HPTPRO.SYS
+ iaStor Intel Application Accelerator driver Intel Corporation C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS
+ iirsp Intel/ICP Raid Storport Driver Intel Corp./ICP vortex GmbH C:\WINDOWS\SYSTEM32\DRIVERS\IIRSP.SYS
+ iteraid ITE IT8212 ATA RAID SCSI miniport Integrated Technology Express, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ITERAID.SYS
+ LSI_SAS LSI Logic Fusion-MPT SAS Driver (StorPort) LSI Logic C:\WINDOWS\SYSTEM32\DRIVERS\LSI_SAS.SYS
+ LSI_SCSI LSI Logic Fusion-MPT SCSI Driver (StorPort) LSI Logic C:\WINDOWS\SYSTEM32\DRIVERS\LSI_SCSI.SYS
+ m5228 M5228 ATA RAID Controller Driver ALi Corporation. C:\WINDOWS\SYSTEM32\DRIVERS\M5228.SYS
+ m5281 M5281 SATA RAID Controller Driver ALi Corporation C:\WINDOWS\SYSTEM32\DRIVERS\M5281.SYS
+ MegaIDE LSI MegaRAID IDE Driver LSI Logic Corporation. C:\WINDOWS\SYSTEM32\DRIVERS\MEGAIDE.SYS
+ megasas MEGASAS RAID Controller Driver for Windows for x86 LSI Logic Corporation C:\WINDOWS\SYSTEM32\DRIVERS\MEGASAS.SYS
+ MEMSCAN MemScan Driver 瑞星软件有限公司 D:\CUIHAO\RISING\RAV\MEMSCAN.SYS
+ mraid2k MEGARAID SCSI Controller Driver for Windows 2000 PAE American Megatrends, Inc.
酷鼠 - 2006-6-9 13:45:00
C:\WINDOWS\SYSTEM32\DRIVERS\MRAID2K.SYS
+ mraid35x MegaRAID RAID Controller Driver for Windows Whistler 32 American Megatrends Inc. C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS
+ MTsensor ATK0110 ACPI Utility C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.SYS
+ nfrd960 IBM ServeRAID Controller Driver IBM Corporation C:\WINDOWS\SYSTEM32\DRIVERS\NFRD960.SYS
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. D:\CUIHAO\2006QQ421\QQ\NPKCRYPT.SYS
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.95 NVIDIA Corporation C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
+ NvAtaBus NVIDIA? nForce(TM) IDE Performance Driver NVIDIA Corporation C:\WINDOWS\SYSTEM32\DRIVERS\NVATABUS.SYS
+ nvraid NVIDIA? nForce(TM) RAID Driver NVIDIA Corporation C:\WINDOWS\SYSTEM32\DRIVERS\NVRAID.SYS
+ PNP649R IDE RAID miniport driver CMD Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PNP649R.SYS
+ Pnp680 DMA capable ATA miniport driver Silicon Image, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PNP680.SYS
+ Pnp680r DMA capable ATA RAID miniport driver Silicon Image, Inc C:\WINDOWS\SYSTEM32\DRIVERS\PNP680R.SYS
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
+ ql1080 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS
+ ql12160 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS
+ ql1280 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS
+ ql2300 QLogic Fibre Channel Stor Miniport Driver QLogic Corporation C:\WINDOWS\SYSTEM32\DRIVERS\QL2300.SYS
+ RAIDSRC Intel(r)/ICP Miniport Driver Intel/ICP C:\WINDOWS\SYSTEM32\DRIVERS\RAIDSRC.SYS
+ S150SX8 Promise SATAII150 SX8 Driver for WindowsXP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\S150SX8.SYS
+ Secdrv SafeDisc driver C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
+ SenFiltService Sensaura WDM 3D Audio Driver Sensaura C:\WINDOWS\SYSTEM32\DRIVERS\SENFILT.SYS
+ SI3112 Serial ATA miniport driver Silicon Image, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SI3112.SYS
+ SI3112r Serial ATA RAID Miniport Driver Silicon Image, Inc C:\WINDOWS\SYSTEM32\DRIVERS\SI3112R.SYS
+ SI3114 Serial ATA miniport driver Silicon Image, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SI3114.SYS
+ SI3114r SATARAID Miniport Driver Silicon Image, Inc C:\WINDOWS\SYSTEM32\DRIVERS\SI3114R.SYS
+ SI3124 Serial ATA miniport driver Silicon Image, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SI3124.SYS
+ SI3124r SATARAID miniport driver (PRE-RELEASE) Silicon Image, Inc C:\WINDOWS\SYSTEM32\DRIVERS\SI3124R.SYS
+ SiFilter Windows Accelerator Driver Silicon Image, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SIWINACC.SYS
+ SISIDE SiS PCI Mini IDE Driver Silicon Integrated Systems Corp. C:\WINDOWS\SYSTEM32\DRIVERS\SISIDE.SYS
+ SiSRaid SiS RAID Miniport Driver Silicon Integrated Systems C:\WINDOWS\SYSTEM32\DRIVERS\SISRAID.SYS
+ SiSRaid1 SiS RAID Miniport Driver Silicon Integrated Systems C:\WINDOWS\SYSTEM32\DRIVERS\SISRAID1.SYS
+ SISRAIDS SiS RAID Miniport Driver Silicon Integrated Systems Corp C:\WINDOWS\SYSTEM32\DRIVERS\SISRAIDS.SYS
+ Sparrow Adaptec AIC-6x60 series SCSI miniport Adaptec, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS
+ sptrak Promise SuperTrak Family Driver for WindowsNT Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SPTRAK.SYS
+ symc810 Symbios Logic Inc. SCSI Miniport Driver Symbios Logic Inc. C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS
+ symc8xx Symbios 8XX SCSI Miniport Driver LSI
酷鼠 - 2006-6-9 13:46:00
C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS
+ SYMMPI LSI Logic Fusion-MPT MiniPort Driver (ScsiPort) LSI Logic C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS
+ sym_hi Symbios Hi-Perf SCSI Miniport Driver LSI Logic C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS
+ sym_u3 Symbios Ultra3 SCSI Miniport Driver LSI Logic C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS
+ UlSata Promise Ultra/Sata Series Driver for WinXP Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ULSATA.SYS
+ ULSATAS Promise SATAII150 Series Driver for Win2003 Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ULSATAS.SYS
+ ultra Promise Ultra66 Miniport 驱动程序 Promise Technology, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS
+ ViaIde VIA Generic PCI IDE Bus Driver VIA Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\VIAIDEXP.SYS
+ viamraid VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 VIA Technologies inc,.ltd C:\WINDOWS\SYSTEM32\DRIVERS\VIAMRAID.SYS
+ viapdsk VIA VT4149 PATA Driver VIA Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\VIAPDSK.SYS
+ viaraid VT6410 RAID DRIVER FOR WINXP VIA Technologies inc,.ltd C:\WINDOWS\SYSTEM32\DRIVERS\VIARAID.SYS
+ viasraid VIA SATA RAID DRIVER FOR WINXP VIA Technologies inc,.ltd C:\WINDOWS\SYSTEM32\DRIVERS\VIASRAID.SYS
+ vmscsi VMware SCSI Controller VMware, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\VMSCSI.SYS
+ ZSMC301b Video streaming and Capture Device Driver VM C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 显示摇曳 CPL 扩展 DESKPAN.DLL
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. C:\WINDOWS\SYSTEM32\HTICONS.DLL
+ WinRAR C:\PROGRAM FILES\WINRAR\RAREXT.DLL
+ DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVCPL.DLL
+ NVIDIA CPL Extension NVIDIA Display Properties Extension NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVCPL.DLL
+ Desktop Explorer C:\WINDOWS\SYSTEM32\NVSHELL.DLL
+ nView Desktop Context Menu C:\WINDOWS\SYSTEM32\NVSHELL.DLL
+ 粉碎文件 Wiper 动态链接库 C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL
+ Yahoo!Photo yPhtb Yahoo! China C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Yahoo!Photo yPhtb Yahoo! China C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
+ AntiFish Class yangling.dll Yahoo. C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YANGLING.DLL
+ 雅虎助手 ToolBar Yahoo! C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
+ QQBrowserHelperObject Class C:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
+ DragSearch BHO DragSearch C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
+ MMSAssist BHO MMSAssist C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
+ stdup MMS Standard Update Module MStdup Co Ltd. C:\WINDOWS\SYSTEM32\STDUP.DLL
+ Thunder Browser Helper XunLeiBHO Thunder Networking Technologies,LTD D:\我的应用软件\迅雷\COMDLLS\XUNLEIBHO_001.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
+ 雅虎助手 ToolBar Yahoo! C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
+ 易趣购物 HTTP://CLICK2.AD4ALL.NET/URL2/URLMANAGE/URL.ASP?ID=5
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ DllDirectory C:\WINDOWS\SYSTEM32
mopery - 2006-6-9 14:19:00
Go find HijackThis; the moderator has already deleted that one..
轩辕小聪 - 2006-6-9 14:21:00
+ Rising Firewell Service C:\WINDOWS\SVCHOST.EXE
Delete this entry with Autoruns, then after rebooting delete:
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SVCHOST.DLL (if present)
C:\WINDOWS\SVCHOSTKey.DLL (if present)
C:\WINDOWS\SVCHOST_HOOK.DLL (if present)
酷鼠 - 2006-6-9 15:06:00
Thanks, I found it.
I'll go download Autoruns.
轩辕小聪 - 2006-6-9 15:09:00
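Wait, so you didn't scan with Autoruns? Then what is the log above? Scanned with the Rising firewall?
You don't need to go out of your way to use Autoruns; you can do it directly in the registry:
In the registry, expand
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and delete the Rising Firewell Service entry.
That is equivalent to handling it with Autoruns.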
酷鼠 - 2006-6-9 15:27:00
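I found SVCHOST.EXE under WINDOW.
I searched with Autoruns but couldn't find it.
Rising antivirus also says there is no virus now. What is going on?
SVCHOST.EXE is still there under WINDOW now.
Attachment:
250773200669151914.BMP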
轩辕小聪 - 2006-6-9 15:33:00
Delete this file.
酷鼠 - 2006-6-9 15:43:00
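| Quote: |
[轩辕小聪's post] Wait, so you didn't scan with Autoruns? Then what is the log above? Scanned with the Rising firewall? You don't need to go out of your way to use Autoruns; you can do it directly in the registry: In the registry, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and delete the Rising Firewell Service entry. That is equivalent to handling it with Autoruns. ........................... |
I've deleted the registry entry, but after rebooting I can't delete the file under WIN; it says it is protected.
Attachment:
250773200669153600.BMP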
daking - 2006-6-9 15:45:00
轩辕小聪 - 2006-6-9 15:46:00
Remember the file path is C:\WINDOWS\SVCHOST.EXE; don't get it wrong.
If you can't delete it in normal mode, delete it in safe mode.
daking - 2006-6-9 15:59:00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ DAEMON Tools-2052 Virtual DAEMON Manager DAEMON'S HOME C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
+ StormCodec_Helper C:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\STORMSET.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ BUZOR 存储本地和远程计算机上文件的索引内容;辅助系统快速访问文件系统。 C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
+ kav 安全程序 C:\WINDOWS\HACKER.COM.CN.EXE
+ PDEngine PDEngine Module Raxco Software, Inc. C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDENGINE.EXE
+ PDSched PDSched Module Raxco Software, Inc. C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDSCHED.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ ac97intc Intel(r) Integrated Controller Hub Audio Driver Intel Corporation C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS
+ d347bus PnP BIOS Extension C:\WINDOWS\SYSTEM32\DRIVERS\D347BUS.SYS
+ d347prt SCSI miniport C:\WINDOWS\SYSTEM32\DRIVERS\D347PRT.SYS
+ ExpScaner ExpScan.sys C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
+ HookCont TDI HOOK Driver Rising tech Co. ltd C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
+ HookReg C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
+ HookSys Hooksys Rising C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
+ i81x Miniport Driver for Intel Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\I81XNT5.SYS
+ iAimFP0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV01NT.SYS
+ iAimFP1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV02NT.SYS
+ iAimFP2 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV05NT.SYS
+ iAimFP3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WSIINTXX.SYS
+ iAimFP4 Local Flat Panel Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WVCHNTXX.SYS
+ iAimFP5 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV07NT.SYS
+ iAimFP6 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV08NT.SYS
+ iAimFP7 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WADV09NT.SYS
+ iAimTV0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WATV01NT.SYS
+ iAimTV1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WATV02NT.SYS
+ iAimTV3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WATV04NT.SYS
+ iAimTV4 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WCH7XXNT.SYS
+ iAimTV5 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WATV10NT.SYS
+ iAimTV6 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation C:\WINDOWS\SYSTEM32\DRIVERS\WATV06NT.SYS
+ MEMSCAN MemScan Driver 瑞星软件有限公司 C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
+ npkcrypt C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
+ npkycryp C:\PROGRAM FILES\TENCENT\QQ\NPKYCRYP.SYS
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
+ Secdrv SafeDisc driver Macrovision Europe Ltd C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 显示摇曳 CPL 扩展 DESKPAN.DLL
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. C:\WINDOWS\SYSTEM32\HTICONS.DLL
+ WinRAR C:\PROGRAM FILES\WINRAR\RAREXT.DLL
+ 粉碎文件 C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL
+ Yahoo!Photo C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Class xunleibho BHO Thunder Networking Technologies,LTD C:\WINDOWS\SYSTEM32\XUNLEIBHO_V13.DLL
+ QuickBtn Quick Link Fengcent C:\PROGRAM FILES\COOLWEBSITE\QUICKLINK.DLL
+ Yahoo!Photo C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
+ DragSearch BHO C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
+ 腾讯QQ C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
+ &D.S.Lite D:\下载\DSLITE\DSLITE2\DSLITE.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\BootExecute
+ PDBoot.exe PerfectDisk Boot Time Defragmentation Raxco Software, Inc. C:\WINDOWS\system32\PDBOOT.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ DllDirectory C:\WINDOWS\SYSTEM32
轩辕小聪 - 2006-6-9 16:03:00
+ BUZOR 存储本地和远程计算机上文件的索引内容;辅助系统快速访问文件系统。 C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
+ kav 安全程序 C:\WINDOWS\HACKER.COM.CN.EXE
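Delete these two entries, then after rebooting delete the corresponding files. The first one is Trojan.DL.QQHelper, the second is Gray Pigeon. Really funny: a cracked copy of Gray Pigeon trying to pass itself off as antivirus software.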
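Added example (not part of the original thread): a small triage script for the "+ name description vendor path" log format posted above, flagging the kind of service entries singled out in the replies. The sample lines are taken from the two logs in this thread; the two heuristics and the short list of system binary names are assumptions chosen for illustration, and they do not catch DLL-based entries such as the BUZOR one.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines taken from the two logs posted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BigDogPath Vimicro Vimicro C:\WINDOWS\VM_STI.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation C:\WINDOWS\SYSTEM32\NVSVC32.EXE
+ Rising Firewell Service C:\WINDOWS\SVCHOST.EXE
+ kav 安全程序 C:\WINDOWS\HACKER.COM.CN.EXE
+ PDEngine PDEngine Module Raxco Software, Inc. C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDENGINE.EXE
+ HookSys Hooksys Rising D:\CUIHAO\RISING\RAV\HOOKSYS.SYS
"""

SERVICES_KEY = r"hkey_local_machine\system\currentcontrolset\services"
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\SYSTEM32")
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")
# Assumption: illustrative list of Windows binaries that normally run from System32.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
# The image path is the last field of each entry and starts with a drive letter.
PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]:\\.+)$")


def parse_entries(log):
    """Yield (registry_section, label, image_path) for every '+ ...' line."""
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            section = line
        elif line.startswith("+") and section:
            match = PATH_RE.search(line)
            if match:
                label = line[1:match.start()].strip()
                yield section, label, PureWindowsPath(match.group(1))


def flag_services(log):
    """Return (label, path, reason) for service entries worth a manual look."""
    findings = []
    for section, label, path in parse_entries(log):
        if section.lower() != SERVICES_KEY:
            continue  # only the Services key is checked here
        # PureWindowsPath comparisons are case-insensitive, like the file system.
        if path.name.lower() in SYSTEM_BINARIES and path.parent != SYSTEM32:
            findings.append((label, str(path), "system binary name outside System32"))
        elif path.parent == WINDOWS_ROOT and path.suffix.lower() in {".exe", ".com"}:
            findings.append((label, str(path), "service image directly in the Windows root"))
    return findings


if __name__ == "__main__":
    for label, path, reason in flag_services(SAMPLE_LOG):
        print(f"{path}  [{label}]  {reason}")
```

A hit is only a prompt to inspect the entry by hand, as the replies in this thread do; the Run-key entry in the sample is ignored because only the Services section is checked.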
daking - 2006-6-9 16:08:00
[typed in pinyin] Xiao Cong, how do I do this? Do I need to install some tool software?
轩辕小聪 - 2006-6-9 16:19:00
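I'm fainting. Can't the poster above type characters? Do you have to type pinyin?!
If you scanned the log with Autoruns, find and delete these two entries under its "everything" tab (English version) or "所有启动项" (Chinese localized version), then reboot the computer and delete the files.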
daking - 2006-6-9 16:23:00
[typed in pinyin] As soon as I switch the input method, the browser throws an error, 55555
daking - 2006-6-9 16:26:00
[typed in pinyin] I made the log with the firewall.
酷鼠 - 2006-6-10 2:35:00
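| Quote: |
[轩辕小聪's post] Remember the file path is C:\WINDOWS\SVCHOST.EXE; don't get it wrong. If you can't delete it in normal mode, delete it in safe mode. ........................... |
In safe mode I didn't see C:\WINDOWS\SVCHOST.EXE, but there is one in SYSTEM. I tried to delete that one, but it still wasn't deleted; it says it is protected. But after rebooting, the Rising little umbrella stopped working.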
﹌純鎮噯 - 2006-6-10 2:56:00
Just reinstall the antivirus software and it'll be OK~~
Then the little umbrella should be able to monitor again~~