The following was extracted with the Rising Stethoscope (瑞星听诊器). Could the experts and moderators please take a look and tell me whether anything is wrong, and if so, what I should do?
I've been plagued by Trojans lately and it's driving me crazy.
File association entries
HKEY_CLASSES_ROOT .vbs ----> 超级解霸3000
HKEY_CLASSES_ROOT .scr ----> AutoCADScriptFile
Autostart entries
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
ATIModeChange = Ati2mdxx.exe
iparmor = D:\工具\木马克星\Iparmor.exe mini
RavTimer = D:\工具\瑞星杀~1\RAVTIMER.EXE
RavMon = D:\工具\瑞星杀~1\RAVMON.EXE -SYSTEM
RfwMain = d:\瑞星个人防火墙\Rfw\rfwmain.exe
DAEMON Tools-1033 = "D:\工具\虚拟光驱\daemon.exe" -lang 1033
HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
LDM = D:\工具\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = D:\工具\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
shell32.dll = D:\工具\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\System32\webcheck.dll
SysTray = C:\WINDOWS\System32\stobject.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\System32\browseui.dll= Browseui 预加载程序
%SystemRoot%\System32\browseui.dll= 组件类别缓存程序
SYSTEM.INI BOOT SHELL Explorer.exe
Other related entries
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> http://www.sina.com.cn/
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main search page ----> http://www.google.com
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main search bar ----> http://www.google.com/ie
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main default_page_url ----> http://www.zhaoya.com
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search searchassistant ----> http://www.google.com/ie
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search CustomizeSearch ----> http://seek.3721.com/srchcust.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> xiang yu
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> xiang yu
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> APIHookDll.dll
Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Process list
[System Process]
System
C:\WINDOWS\system32\LEXBCES.EXE (Made by Lexmark International, Inc.)
C:\WINDOWS\system32\LEXPPS.EXE (Made by Lexmark International, Inc.)
D:\工具\虚拟光驱\daemon.exe (Made by DAEMON'S HOME)
D:\工具\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Made by Macrovision)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\瑞星个人防火墙\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\工具\瑞星杀~1\RAVTIMER.EXE
D:\瑞星个人防火墙\Rfw\rfwmain.exe
C:\WINDOWS\system32\ctfmon.exe
D:\工具\瑞星杀毒软件\CCENTER.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\conime.exe
D:\工具\瑞星杀毒软件\Ravmond.exe
D:\工具\瑞星杀毒软件\RavStub.exe
d:\工具\瑞星杀毒软件\RAVMON.EXE
D:\工具\Rav听诊器.exe
Process details
d:\工具\瑞星杀毒软件\RAVMON.EXE
C:\DOCUME~1\apple\LOCALS~1\TempIadHide3.dll (made by BackWeb)
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE (made by Macrovision)
D:\工具\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\工具\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\工具\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\backWeb.dll (made by BackWeb Technologies Inc.)
D:\工具\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
D:\工具\DESKTO~1\8876480\614~1.36-\program\EN\ClientRC.dll (made by BackWeb Technologies Inc.)
D:\工具\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
D:\工具\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
D:\工具\虚拟光驱\daemon.exe
D:\工具\虚拟光驱\daemon.exe (made by DAEMON'S HOME)
D:\工具\虚拟光驱\PFCTOC.DLL (made by Padus(R), Inc.)
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AcSignIcon.dll (made by Autodesk)
D:\工具\winrar\rarext.dll
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\LEXPPS.EXE (made by Lexmark International, Inc.)
C:\WINDOWS\system32\LEXBCE.DLL (made by Lexmark International, Inc.)
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXLMPM.DLL (made by Lexmark International, Inc.)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVBCPP5C.dll (made by Lenovo (Beijing) Ltd.)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll (made by Windows (R) 2000 DDK provider)
C:\WINDOWS\system32\LVBCpwr.dll (made by Lenovo (Beijing) Ltd.)
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE (made by Lexmark International, Inc.)
C:\WINDOWS\system32\lexp2p32.dll (made by Lexmark International, Inc.)
C:\WINDOWS\system32\lex2kusb.dll (made by Lexmark International, Inc.)