
[Help] Save me! I'm buried in viruses!

Experts, a virus scan of my computer found 20 viruses, and the day before yesterday it found 178. It never cleans them completely; scan again and they are still there, and every one of them is a virus called Trojan.IMMSG.win32.hh. What should I do?

Attachment: application/octet-stream, 93 downloads, uploaded 2007-7-7 18:46:12

Last edited 2007-07-07 19:36:12

Paste the report here; post it in several parts.

Download System Repair Engineer from http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here without modifying it (if it does not fit in one post, split it across several)
5 While scanning, close any unnecessary software such as QQ and TM

瑞星卡卡电脑诊断日志 v1.20 (2007-7-7 18:16:44)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + Win32 Services
    + HKLM\System\CurrentControlSet\Services
      Ati HotKey Poller
        [AM] 1. c:\windows\system32\ati2evxx.exe
      P4P Service
        [A ] 2. c:\program files\common files\sogou pxp\p2psvr.exe
      RfwProxySrv
        [A ] 3. c:\program files\rising\rfw\rfwproxy.exe
      RfwService
        [A ] 4. c:\program files\rising\rfw\rfwsrv.exe
      RsCCenter
        [A ] 5. c:\program files\rising\rav\ccenter.exe
      RsRavMon
        [A ] 6. c:\program files\rising\rav\ravmond.exe
      WmdmPmSN
        [A ] 7. c:\windows\system32\mspmsnsv.dll
  + Kernel Drivers
    + HKLM\System\CurrentControlSet\Services
      BaseTDI
        [A ] 8. c:\windows\system32\drivers\basetdi.sys
      basic2
        [A ] 9. c:\windows\system32\drivers\basic2.sys
      ClntMgmt.sys
        [A ] 10. c:\windows\system32\drivers\clntmgmt.sys
      Cnxtdiag
        [A ] 11. c:\windows\system32\drivers\cnxtdiag.sys
      EABFiltr
        [A ] 12. c:\windows\system32\drivers\eabfiltr.sys
      eabusb
        [A ] 13. c:\windows\system32\drivers\eabusb.sys
      ExpScaner
        [A ] 14. c:\program files\rising\rav\expscan.sys
      Fallback
        [A ] 15. c:\windows\system32\drivers\fallback.sys
      Fsks
        [A ] 16. c:\windows\system32\drivers\fsksnt.sys
      HookCont
        [A ] 17. c:\program files\rising\rav\hookcont.sys
      HookReg
        [A ] 18. c:\program files\rising\rav\hookreg.sys
      HookSys
        [A ] 19. c:\program files\rising\rav\hooksys.sys
      HookUrl
        [A ] 20. c:\program files\rising\rfw\hookurl.sys
      ibmdmx
        [A ] 21. c:\windows\system32\drivers\ibmdmx.sys
      K56
        [A ] 22. c:\windows\system32\drivers\k56nt.sys
      KWATCH
        [A ] 23. c:\kav2003\kwatch.sys
      MEMSCAN
        [A ] 24. c:\program files\rising\rav\memscan.sys
      mProcRs
        [A ] 25. c:\program files\rising\rfw\mprocrs.sys
      New0
        [A ] 26. c:\windows\system32\new.sys
      NPF
        [A ] 27. c:\windows\system32\drivers\npf.sys
      PxHelp20
        [A ] 28. c:\windows\system32\drivers\pxhelp20.sys
      Rksample
        [A ] 29. c:\windows\system32\drivers\rksample.sys
      RsAntiSpyware
        [A ] 30. c:\windows\system32\drivers\rsboot.sys
      RsFwDrv
        [A ] 31. c:\program files\rising\rfw\rsfwdrv.sys
      RsNTGDI
        [A ] 32. c:\windows\system32\drivers\rsntgdi.sys
      RSPPSYS
        [A ] 33. c:\program files\rising\rav\rsppsys.sys
      Secdrv
        [A ] 34. c:\windows\system32\drivers\secdrv.sys
      serport
        [A ] 35. c:\windows\system32\drivers\ser2pl.sys
      smwdm
        [A ] 36. c:\windows\system32\drivers\smwdm.sys
      SoftFax
        [A ] 37. c:\windows\system32\drivers\faxnt.sys
      SynTP
        [A ] 38. c:\windows\system32\drivers\syntp.sys
      Tones
        [A ] 39. c:\windows\system32\drivers\tonesnt.sys
      usbehci
        [A ] 40. c:\windows\system32\drivers\usbehci.sys
      V124
        [A ] 41. c:\windows\system32\drivers\v124nt.sys
      winachsf
        [A ] 42. c:\windows\system32\drivers\hsf_cnxt.sys
      ZSMC301b
        [A ] 43. c:\windows\system32\drivers\usbvm31b.sys
  + Internet Explorer
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
        [A ] 44. c:\windows\system32\kakatool.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        [AM] 45. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 46. c:\program files\sina\uc\uc.exe
      Script
        [A ] 47. c:\windows\web\related.htm
  + Explorer
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      dic
        [A ] 48. c:\program files\kingsoft\powerword 2003\xdictexb.dll
      ic32pp
        [A ] 49. c:\windows\wc98pp.dll
    + HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
      {81716107-A10D-11cf-64CD-11115FE1CF41}
        [A ] 50. c:\windows\system32\nwizzhuxians.exe
    + HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
      {F9DB5320-233E-11D1-9F84-707F02C10627}
        [AM] 51. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      WinRAR shell extension
        [AM] 52. c:\program files\winrar\rarext.dll
      Shell Extensions for RealOne Player
        [A ] 53. c:\program files\real\realone player\rpshell.dll
      RISING
        [AM] 54. c:\windows\system32\ravext.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 54. c:\windows\system32\ravext.dll
      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [A ] 55. c:\windows\system32\shlhook.dll
  + Logon
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      ATIModeChange
        [A ] 56. c:\windows\system32\ati2mdxx.exe
      AtiPTA
        [AM] 57. c:\windows\system32\atiptaxx.exe
      SynTPLpr
        [AM] 58. c:\program files\synaptics\syntp\syntplpr.exe
      SynTPEnh
        [AM] 59. c:\program files\synaptics\syntp\syntpenh.exe
      srmclean
        [A ] 60. c:\cpqs\scom\srmclean.exe
      BigDogPath
        [AM] 61. c:\windows\vm_sti.exe
      TkBellExe
        [AM] 62. c:\program files\common files\real\update_ob\realsched.exe
      RavTask
        [A ] 63. c:\program files\rising\rav\ravtask.exe
      RfwMain
        [AM] 64. c:\program files\rising\rfw\rfwmain.exe
      runeip
        [AM] 65. c:\program files\rising\antispyware\runiep.exe
      Microsoft Autorun7
        [A ] 66. c:\windows\system32\nwizqjsj.exe
      Microsoft Autorun11
        [A ] 67. c:\windows\system32\nwizwlwzs.exe
      AVPSrv
        [A ] 68. c:\windows\avpsrv.exe
      Microsoft Autorun5
        [A ] 69. c:\windows\system32\mosou.exe
      WinForm
        [A ] 70. c:\windows\winform.exe
      Microsoft Autorun1
        [A ] 71. c:\windows\system32\nwizdh.exe
      MsIMMs32
        [A ] 72. c:\windows\msimms32.exe
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 73. c:\program files\rising\antispyware\runonce.exe
  + Boot Execute
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 74. c:\windows\system32\bsmain.exe
        [A ] 75. c:\windows\system32\kknative.exe
  + Image Hijacks
    + HKCR\.bat
      batfile\edit\Command
        [A ] 76. c:\windows\system32\notepad.exe
      batfile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 77. c:\program files\microsoft office\office\msohtmed.exe
      htmlfile\Print\Command
        [A ] 77. c:\program files\microsoft office\office\msohtmed.exe
    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 77. c:\program files\microsoft office\office\msohtmed.exe
      htmlfile\Print\Command
        [A ] 77. c:\program files\microsoft office\office\msohtmed.exe
    + HKCR\.log
      txtfile\open\Command
        [A ] 76. c:\windows\system32\notepad.exe
      txtfile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
      txtfile\printto\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.txt
      txtfile\open\Command
        [A ] 76. c:\windows\system32\notepad.exe
      txtfile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
      txtfile\printto\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.cmd
      cmdfile\edit\Command
        [A ] 76. c:\windows\system32\notepad.exe
      cmdfile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.reg
      regfile\edit\Command
        [A ] 76. c:\windows\system32\notepad.exe
      regfile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.vbs
      VBSFile\Edit\Command
        [A ] 76. c:\windows\system32\notepad.exe
      VBSFile\Print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.js
      JSFile\Edit\Command
        [A ] 76. c:\windows\system32\notepad.exe
      JSFile\Print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.ini
      inifile\open\Command
        [A ] 76. c:\windows\system32\notepad.exe
      inifile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
    + HKCR\.inf
      inffile\open\Command
        [A ] 76. c:\windows\system32\notepad.exe
      inffile\print\Command
        [A ] 76. c:\windows\system32\notepad.exe
+ 其他自启动项目
  + C:\Documents and Settings\liu yongjun\「开始」菜单\程序\启动
    新浪UC.lnk
      [A ] 46. c:\program files\sina\uc\uc.exe
  + C:\Documents and Settings\All Users\「开始」菜单\程序\启动
    Adobe Reader Speed Launch.lnk
      [A ] 78. c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
+ 系统活动模块
  + 000000dc(220) EabServr.exe
    00400000[0001E000]
      [ M] 79. c:\program files\compaq\eab\eabservr.exe
    10000000[00027000]
      [ M] 80. c:\program files\compaq\eab\eabcomn.dll
    00930000[00012000]
      [ M] 81. c:\program files\compaq\eab\cpqinfo.dll
    00BB0000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    01030000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 000000e8(232) VM_STI.EXE
    00400000[0000D000]
      [AM] 61. c:\windows\vm_sti.exe
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 00000144(324) realsched.exe
    00400000[0002F000]
      [AM] 62. c:\program files\common files\real\update_ob\realsched.exe
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 00000184(388) smss.exe
  + 00000200(512) conime.exe
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 00000270(624) csrss.exe
  + 00000288(648) winlogon.exe
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
    72C90000[00009000]
      [ M] 85. c:\windows\system32\wdmaud.drv
    72C80000[00008000]
      [ M] 86. c:\windows\system32\msacm32.drv
    10000000[00012000]
      [ M] 87. c:\windows\system32\72c0726a.dll
  + 0000029c(668) Ati2evxx.exe
    00400000[0001D000]
      [AM] 1. c:\windows\system32\ati2evxx.exe
  + 000002b4(692) services.exe
  + 000002c0(704) lsass.exe
  + 00000364(868) svchost.exe
  + 000003dc(988) svchost.exe
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
  + 00000454(1108) svchost.exe
  + 00000468(1128) svchost.exe
  + 00000628(1576) Explorer.EXE
    10000000[0001B000]
      [AM] 54. c:\windows\system32\ravext.dll
    011D0000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
    72C90000[00009000]
      [ M] 85. c:\windows\system32\wdmaud.drv
    72C80000[00008000]
      [ M] 86. c:\windows\system32\msacm32.drv
    02B10000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
    02E40000[00012000]
      [ M] 87. c:\windows\system32\72c0726a.dll
    03350000[00007000]
      [ M] 88. c:\windows\system32\nwiztlbb.dll
    00F60000[00006000]
      [ M] 89. c:\windows\system32\nwizwlwzs.dll
    03650000[0001C000]
      [AM] 51. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    03730000[0002B000]
      [AM] 52. c:\program files\winrar\rarext.dll
    23700000[0001A000]
      [ M] 90. c:\program files\rising\rav\rscommon.dll
    03520000[0000E000]
      [AM] 45. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    7C340000[00056000]
      [ M] 91. c:\windows\system32\msvcr71.dll
    04300000[00005000]
      [ M] 92. c:\windows\system32\mosou.dll
    15000000[0000F000]
      [ M] 93. c:\windows\system32\k11837988414.dat
    03240000[00007000]
      [ M] 94. c:\windows\system32\avpsrv.dll
    039E0000[00006000]
      [ M] 95. c:\windows\system32\nwizqjsj.dll
    03A00000[00008000]
      [ M] 96. c:\windows\system32\winform.dll
    045F0000[00005000]
      [ M] 97. c:\windows\system32\dh2104.dll
    04610000[00009000]
      [ M] 98. c:\windows\system32\timhost.dll
    04690000[00006000]
      [ M] 99. c:\windows\system32\nwizzhuxians.dll
    03160000[00007000]
      [ M] 100. c:\windows\system32\msimms32.dll
    03190000[00008000]
      [ M] 101. c:\windows\system32\cmdbcs.dll
  + 00000694(1684) spoolsv.exe
  + 000007b8(1976) ntsd.exe
  + 000007c4(1988) atiptaxx.exe
    00400000[0004D000]
      [AM] 57. c:\windows\system32\atiptaxx.exe
    10000000[0000A000]
      [ M] 102. c:\windows\system32\atrpuixx.chs
    00A90000[0002B000]
      [ M] 103. c:\windows\system32\atipdsxx.dll
    00E10000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 000007cc(1996) SynTPLpr.exe
    00400000[0001C000]
      [AM] 58. c:\program files\synaptics\syntp\syntplpr.exe
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 000007d4(2004) SynTPEnh.exe
    00400000[00073000]
      [AM] 59. c:\program files\synaptics\syntp\syntpenh.exe
    63010000[0001C000]
      [ M] 104. c:\windows\system32\syntpapi.dll
    00D30000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 000007d8(2008) RfwMain.exe
    00400000[00073000]
      [AM] 64. c:\program files\rising\rfw\rfwmain.exe
    26600000[0007D000]
      [ M] 105. c:\program files\rising\rfw\rsguilib.dll
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
    23700000[0001A000]
      [ M] 106. c:\program files\rising\rfw\rscommon.dll
    10000000[0000F000]
      [ M] 107. c:\program files\rising\rfw\rfwctrl.dll
    23800000[0001A000]
      [ M] 108. c:\program files\rising\rfw\rsxml.dll
    23900000[00031000]
      [ M] 109. c:\program files\rising\rfw\pngdll.dll
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    01730000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
    15000000[0000F000]
      [ M] 93. c:\windows\system32\k11837988414.dat
  + 00000a8c(2700) Ras.exe
    00400000[0013D000]
      [ M] 110. c:\program files\rising\antispyware\ras.exe
    15000000[0000F000]
      [ M] 93. c:\windows\system32\k11837988414.dat
    00DA0000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[000A0000]
      [ M] 111. c:\program files\rising\antispyware\rasgui.dll
    01820000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
    6BD00000[0000D000]
      [ M] 84. c:\windows\system32\syncor11.dll
    02EC0000[00008000]
      [ M] 96. c:\windows\system32\winform.dll
    02EB0000[00007000]
      [ M] 94. c:\windows\system32\avpsrv.dll
    035B0000[00019000]
      [ M] 112. c:\program files\rising\rav\ravscrch.dll
    72C90000[00009000]
      [ M] 85. c:\windows\system32\wdmaud.drv
    72C80000[00008000]
      [ M] 86. c:\windows\system32\msacm32.drv
    03070000[0002F000]
      [ M] 113. c:\program files\rising\antispyware\engine.dll
    030A0000[00012000]
      [ M] 114. c:\program files\rising\antispyware\zip.dll
  + 00000b40(2880) svchost.exe
  + 00000cec(3308) runiep.exe
    00400000[00012000]
      [AM] 65. c:\program files\rising\antispyware\runiep.exe
    15000000[0000F000]
      [ M] 93. c:\windows\system32\k11837988414.dat
    10000000[00005000]
      [ M] 92. c:\windows\system32\mosou.dll
    00B20000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    010D0000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 00000f7c(3964) ctfmon.exe
    63000000[00014000]
      [ M] 82. c:\windows\system32\syntpfcs.dll
    10000000[0001B000]
      [ M] 83. c:\program files\rising\antispyware\ieprot.dll
  + 00000fe8(4072) RavStub.exe
    00400000[00018000]
      [ M] 115. c:\program files\rising\rav\ravstub.exe
    10000000[0001B000]
      [ M] 116. c:\program files\rising\rav\rscommx.dll
    23700000[0001A000]
      [ M] 90. c:\program files\rising\rav\rscommon.dll

This is the analysis from 听诊器 (the "Stethoscope" diagnostic tool):

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM32\SYNTPAPI.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM32\ATRPUIXX.CHS
C:\WINDOWS\SYSTEM32\ATIPDSXX.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\COMMON FILES\SOGOU PXP\P2PSVR.EXE
C:\PROGRAM FILES\SOGOU PXP\VODSVR.DLL
C:\PROGRAM FILES\SOGOU PXP\PXPNET.DLL
C:\PROGRAM FILES\SOGOU PXP\P2PCLIENT.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\NMGAMEX.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\72C0726A.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL
C:\WINDOWS\SYSTEM32\NWIZTLBB.DLL
C:\WINDOWS\SYSTEM32\NWIZWLWZS.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL

C:\PROGRAM FILES\COMPAQ\EAB\EABSERVR.EXE
C:\PROGRAM FILES\COMPAQ\EAB\EABCOMN.DLL
C:\PROGRAM FILES\COMPAQ\EAB\CPQINFO.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\72C0726A.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL
C:\PROGRAM FILES\RISING\RFW\RSXML.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\72C0726A.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\DOCUMENTS AND SETTINGS\LIU YONGJUN\桌面\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\NTSD.EXE
C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
ATIModeChange = ATI2MDXX.EXE
AtiPTA = ATIPTAXX.EXE
SynTPLpr = C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
SynTPEnh = C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
srmclean = C:\CPQS\SCOM\SRMCLEAN.EXE
eabconfg.cpl = C:\PROGRAM FILES\COMPAQ\EAB\EABSERVR.EXE /START
BigDogPath = C:\WINDOWS\VM_STI.EXE USB PC CAMERA 301P
NMGameX_AutoRun = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE NMGAMEX.DLL,LIVEPROCESS /AA
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
3721 = C:\$NTUNINSTALLQ5926809$\3721.BAT
cnyisou_com = HTTP://WWW.WA110.COM
internat.exe = INTERNAT.EXE
(Default) = REGEDIT -S C:\$NTUNINSTALLQ5926809$\SP4CUSTOM.DLL
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
runeip = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
Microsoft Autorun7 = C:\WINDOWS\SYSTEM32\NWIZTLBU.EXE
Microsoft Autorun11 = C:\WINDOWS\SYSTEM32\NWIZWLWZS.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE" /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(Default) = REGEDIT -S C:\$NTUNINSTALLQ5926809$\SP4CUSTOM.DLL
3721 = C:\$NTUNINSTALLQ5926809$\3721.BAT
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n



Mine was even worse: out of 180,000 files, 45,000 were infected.
But luckily it has already been fixed.