yinshi2006 - 2007-2-28 0:29:00
cryptimg.dll was deleted by Rising, but the related registry entries cannot be deleted. I suspect it has accomplices.
Please tell me how to remove them completely.
2007-02-27,21:04:28
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<iTunesHelper><D:\iTunes\iTunesHelper.exe> [N/A]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"E:\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
==================================
启动文件夹
[arp]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\arp.bat --> [N/A]><N>
==================================
服务
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod 服务 / iPodService][Running/Manual Start]
<D:\iPod\bin\iPodService.exe><N/A>
[Microsoft Search / MSSEARCH][Running/Auto Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
<d:\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINNT\system32\HPZipm12.exe><HP>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<e:\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<e:\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<d:\MICROS~2\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
<C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
UFO不幸外人 - 2007-2-28 0:32:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
Here, use IceSword's registry editor, find the path and delete it.
Also make sure to delete this file: <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\arp.bat --> [N/A]><N>; it is a problem.
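A defender-side triage helper, added here as an example (it is not part of this thread and not code from the SREng tool): it parses lines in the SREng report format quoted above and flags the two kinds of entries the reply points at, a Winlogon Notify DLL without a verified vendor and a script file in the Startup folder, plus services or drivers that report no vendor. The sample report is constructed to mirror the thread's entries.

```python
import re
from typing import List, Tuple

# Constructed sample in the SREng report format quoted in this thread (not the poster's log)
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
[arp]
<C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\arp.bat --> [N/A]><N>
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\system32\new.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                        # registry key header
REG_ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")  # <name><command> [vendor]
STARTUP_RE = re.compile(r"^<(.+?) --> \[([^\]]*)\]><[A-Z]>$")      # startup-folder item
SVC_HDR_RE = re.compile(r"^\[[^\]]+ / ([^\]]+)\]\[[^\]]+\]$")       # [Display / Name][State]
SVC_IMG_RE = re.compile(r"^<([^>]*)><([^>]*)>$")                    # <image path><vendor>
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")

def triage(report: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings, key, svc = [], "", ""
    for line in report.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key, svc = m.group(1), ""          # entering a registry section
        elif m := SVC_HDR_RE.match(line):
            svc, key = m.group(1), ""          # entering a service/driver record
        elif m := STARTUP_RE.match(line):
            if m.group(1).lower().endswith(SCRIPT_EXT):
                findings.append(("script in Startup folder", line))
        elif (m := REG_ENTRY_RE.match(line)) and "\\winlogon\\notify\\" in key.lower():
            if not m.group(3).startswith("(Verified)"):   # Notify DLLs load inside winlogon.exe
                findings.append(("unverified Winlogon Notify DLL", line))
        elif svc and (m := SVC_IMG_RE.match(line)):
            if m.group(2).strip() in ("", "N/A"):
                findings.append((f"service/driver {svc} with no vendor info", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A "no vendor" hit is only a prompt to check the file's signature and hash by hand; legitimate drivers such as sptd.sys in the log above also report N/A.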
yinshi2006 - 2007-2-28 0:34:00
==================================
驱动程序
[AmosNT / AmosNT][Running/Auto Start]
<System32\DRIVERS\amosnt.sys><Conexant>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Running/Auto Start]
<System32\DRIVERS\basic2.sys><Conexant>
[DC21x4 Based Network Adapter Driver / DC21x4][Stopped/Manual Start]
<System32\DRIVERS\dc21x4.sys><Intel Corporation.>
[D-Link DFE-530TX PCI Fast Ethernet Adapter / DLKFET][Stopped/Manual Start]
<System32\DRIVERS\DLKFET.sys><D-Link>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[enodpl / enodpl][Running/Auto Start]
<System32\drivers\enodpl.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Fallback / Fallback][Running/Auto Start]
<System32\DRIVERS\fallback.sys><Conexant>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\dlkfet5b.sys><D-Link>
[Fsks / Fsks][Running/Auto Start]
<System32\DRIVERS\fsksnt.sys><Conexant>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[hidproc / hidproc][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\hidproc.sys><Microsoft Corporation>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\E:\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[K56 / K56][Running/Auto Start]
<System32\DRIVERS\k56nt.sys><Conexant>
[KSCDMAN / KSCDMAN][Running/Auto Start]
<system32\drivers\kscdman.sys><KingSoft Corp.>
[KSKNIGHT / KSKNIGHT][Stopped/Manual Start]
<\??\C:\Program Files\Kingsoft\Knight 2002\KSKNIGHT.SYS><Kingsoft>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\e:\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\system32\new.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Star Force copy protection driver v4 / prodrv04][Running/System Start]
<\SystemRoot\System32\drivers\prodrv04.sys><Protection Technology Co.>
[StarForce Protection Environment Driver v5 / prodrv05][Running/System Start]
<\SystemRoot\System32\drivers\prodrv05.sys><Protection Technology Co.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v1 / prohlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp01.sys><Protection Technology Co.>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Stopped/Auto Start]
<System32\DRIVERS\rksample.sys><Conexant>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\E:\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Others/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[SecDrv / SecDrv][Running/Auto Start]
<\??\C:\WINNT\System32\drivers\SECDRV.SYS><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SoftFax / SoftFax][Running/Auto Start]
<System32\DRIVERS\faxnt.sys><Conexant>
[SpeakerPhone / SpeakerPhone][Running/Auto Start]
<System32\DRIVERS\spkpnt.sys><Conexant>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Intel 82801 Audio Driver (WDM) - SigmaTel Codec / STAC97][Running/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[STFSD / STFSD][Stopped/Manual Start]
<\??\D:\Stream Theory\STFSD.SYS><N/A>
[SymEvent / SymEvent][Stopped/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[tandpl / tandpl][Running/Auto Start]
<System32\drivers\tandpl.sys><N/A>
[Tones / Tones][Running/Auto Start]
<System32\DRIVERS\tonesnt.sys><Conexant>
[V124 / V124][Running/Auto Start]
<System32\DRIVERS\v124nt.sys><Conexant>
[vaxscsi / vaxscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[Virtual PC Emulated Ethernet Switch Driver / VPCNetS2][Running/Manual Start]
<System32\DRIVERS\VPCNetS2.sys><Connectix Corporation>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfnth.sys><N/A>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfntr.sys><N/A>
[winachsf / winachsf][Stopped/Manual Start]
<System32\DRIVERS\winachsf.sys><Conexant>
[Winacpci / Winacpci][Stopped/Manual Start]
<System32\DRIVERS\winacpci1.sys><Rockwell Semiconductor Systems>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
yinshi2006 - 2007-2-28 0:37:00
==================================
浏览器加载项
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINNT\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\system32\LegitCheckControl.DLL, Microsoft® Corporation>
[OPUCatalog Class]
{597C45C2-2D39-11D5-8D53-0050048383FE} <C:\WINNT\System32\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
==================================
正在运行的进程
[PID: 200][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 224][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 244][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[PID: 272][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 284][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[PID: 448][e:\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[e:\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[e:\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[e:\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[e:\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[e:\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[e:\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[e:\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 460][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 488][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 596][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINNT\system32\hppamon0.dll] [HP, 5, 0, 5, 0]
[C:\WINNT\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINNT\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINNT\system32\spool\PRTPROCS\W32X86\HPPRN05.DLL] [Hewlett-Packard Corporation, 60.05.17.02]
[C:\WINNT\system32\hppadt40.dll] [HP, 5, 0, 5, 0]
[C:\WINNT\system32\HPZidr12.dll] [HP, 5, 0, 5, 0]
[C:\WINNT\system32\hpbmmjno.dll] [Hewlett-Packard, 00.01.00]
[PID: 628][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 672][C:\WINNT\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.6693]
[PID: 724][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 824][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 904][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 944][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 976][C:\WINNT\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.00.0984]
[PID: 1008][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.5512.0]
[PID: 1084][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINNT\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.6693]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll] [N/A, N/A]
[C:\Program Files\UltraEdit\ue32ctmn.dll] [, 1, 0, 0, 1]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1180][D:\iTunes\iTunesHelper.exe] [N/A, N/A]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1224][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1288][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1148][D:\iPod\bin\iPodService.exe] [N/A, N/A]
[PID: 1512][C:\Documents and Settings\Administrator\My Documents\minitool\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Documents and Settings\Administrator\My Documents\minitool\sreng2\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]
==================================