瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 忙活了一个下午.又出现新问题.高手来研究研究

12   2  /  2  页   跳转

忙活了一个下午.又出现新问题.高手来研究研究

收藏
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2006-08-10 17:05 | 短消息 资料
字号: 11楼

引用:
【傻傻de笨笨的贴子】我修复了可是没用啊```昏...
………………

杀净木马后,把下面的内容粘贴到记事本中,保存为.reg。双击之。
我在我自己的系统中试过。问题解决了。
但这是我自己的注册表备份(系统和瑞星都装在C盘),别人用行不行,我没把握。
REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RavTask"="\"C:\\Program Files\\Rising\\Rav\\RavTask.exe\" -system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExpScaner]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
52,69,73,69,6e,67,5c,52,61,76,5c,45,78,70,53,63,61,6e,2e,73,79,\
73,00
"DisplayName"="ExpScaner"
"Group"="TDI"
"DependOnService"=hex(7):42,61,73,65,54,44,49,00,00
"DependOnGroup"=hex(7):00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExpScaner\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExpScaner\Enum]
"0"="Root\\LEGACY_EXPSCANER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookCont]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
52,69,73,69,6e,67,5c,52,61,76,5c,48,4f,4f,4b,43,4f,4e,54,2e,73,\
79,73,00
"DisplayName"="HookCont"
"Group"="TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookCont\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookCont\Enum]
"0"="Root\\LEGACY_HOOKCONT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookReg]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
52,69,73,69,6e,67,5c,52,61,76,5c,48,6f,6f,6b,52,65,67,2e,73,79,\
73,00
"DisplayName"="HookReg"
"Group"="TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookReg\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookReg\Enum]
"0"="Root\\LEGACY_HOOKREG\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookSys]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
52,69,73,69,6e,67,5c,52,61,76,5c,48,6f,6f,6b,53,79,73,2e,73,79,\
73,00
"DisplayName"="HookSys"
"Group"="TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookSys\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HookSys\Enum]
"0"="Root\\LEGACY_HOOKSYS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsCCenter]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,52,69,73,\
69,6e,67,5c,52,61,76,5c,43,43,65,6e,74,65,72,2e,65,78,65,22,00
"DisplayName"="Rising Process Communication Center"
"Group"="COM Infrastructure"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsCCenter\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsCCenter\Enum]
"0"="Root\\LEGACY_RSCCENTER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,52,69,73,\
69,6e,67,5c,52,61,76,5c,52,61,76,6d,6f,6e,64,2e,65,78,65,22,00
"DisplayName"="RsRavMon Service"
"Group"="TDI"
"DependOnService"=hex(7):52,73,43,43,65,6e,74,65,72,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,\
00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,\
00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,\
01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon\Enum]
"0"="Root\\LEGACY_RSRAVMON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-08-10 17:49 | 短消息 资料
字号: 12楼

????晕
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT