发表于: 2005-07-26 20:21 | 只看楼主 短消息 资料
字号: 1楼

请高手指点


自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
DAEMON Tools-2052 = "C:\Program Files\D-Tools\daemon.exe" -lang 2052
RavTimer = C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
RavMon = C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BigDogPath = C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll =

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\system32\webcheck.dll
SysTray = C:\WINDOWS\system32\stobject.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\system32\browseui.dll= Browseui 预加载程序
%SystemRoot%\system32\browseui.dll= 组件类别缓存程序


SYSTEM.INI BOOT SHELL Explorer.exe
SYSTEM.INI BOOT SCRNSAVE.EXE C:\WINDOWS\system32\logon.scr


其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main start page ----> http://www.ali213.net
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> http://www.ali213.net
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> Administrator
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> Administrator
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,


Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


诊断信息


1 G_Server_Hook.DLL 58% 灰鸽子 C:\WINDOWS\G_Server_Hook.DLL
2 G_ServerKey.DLL 99% Trojan C:\WINDOWS\G_ServerKey.DLL

进程列表

[System Process]
System
C:\Program Files\D-Tools\daemon.exe (Made by DAEMON'S HOME)
C:\WINDOWS\VM_STI.EXE (Made by BIGDOG)

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
E:\杀毒工具\RavDetect.exe

进程详细信息


最后编辑2005-07-26 20:21:55