I. Abnormal registry entries:
1. HKLM\System\CurrentControlSet\Services
<ms_2fax>
<NTPDate Service>
<awvgpdv>
<bxrumgd>
<urr9cw>
2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{16C6167B-FED4-4CEE-8951-134C9A345DA2}
{242F800B-2172-4659-A381-476B66E3DE2A}
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701}
3. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
<Shell>
II. Abnormal files:
c:\windows\system32\417e1.exe
c:\windows\system32\dms.exe
c:\windows\system32\drivers\awvgpdv.sys
c:\windows\system32\drivers\bxrumgd.sys
c:\windows\system32\drivers\urr9cw.sys
c:\program files\winrar\mscems32.dat
c:\program files\winrar\krnln.fnr
c:\program files\winrar\com.run
c:\windows\system32\nuej5dkybt.dll
c:\windows\system32\upubnldzlj.dll
c:\windows\system32\uzgtqnqzqbcsd.dll
c:\windows\system32\1411.dll
c:\program files\common files\microsoft\cthelper.exe
c:\program files\common files\microsoft\krnln.fnr
c:\program files\realtek\smss.exe
c:\program files\realtek\krnln.fnr
c:\program files\common files\microsoft\khalshared\msnplatform.exe
c:\program files\common files\microsoft\khalshared\krnln.fnr
c:\program files\common files\microsoft\khalshared\com.run
c:\windows\downloaded program files\bgjp.dll
c:\program files\common files\cpush\cpush0.dll
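III. Recommendation: pack the abnormal files listed above into a compressed archive and upload it to Rising for analysis, then wait for their response and for Rising to release an update before scanning and removing the infection.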