Scan log:
Active system processes (loaded modules are listed after each process):
C:\WINNT\SYSTEM32\SMSS.EXE C:\WINNT\SYSTEM32\CSRSS.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\WINLOGON.EXE C:\WINNT\SYSTEM32\AWGINA.DLL C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\SERVICES.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\LSASS.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RFW\RFWSTUB.EXE C:\WINNT\SYSTEM32\MSVCP71.DLL C:\WINNT\SYSTEM32\MSVCR71.DLL C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINNT\SYSTEM32\SVCHOST.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\SPOOLSV.EXE C:\WINNT\SYSTEM32\AWMON.DLL C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL C:\WINNT\SYSTEM32\SKGUSR.DLL C:\WINNT\SYSTEM32\GHOKXW.DLL C:\WINNT\SYSTEM32\QAIZEL.DLL C:\WINNT\SYSTEM32\EWLRZT.DLL C:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\UTIL.DLL C:\WINNT\SYSTEM32\MSVCP60.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\TRAYICON.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\INSTDATA.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCFGMGR.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\S32PCAG.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWSES32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWOFRWRK.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWIO.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\DUNDATA.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\POWERMGR.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCACMNDG.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWGUI32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWDS32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCM32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\CRYPTO.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWTIME32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHK32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCAIME.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\EHANDRES.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWRES-HOST.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWIORESOURCES.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHPILOT.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWLOG32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\SNMPUTIL.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\LIBSNMP.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCONN32.DLL C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AW32TCP.DLL C:\WINNT\SYSTEM32\SKGUSR.DLL C:\WINNT\SYSTEM32\GHOKXW.DLL C:\WINNT\SYSTEM32\QAIZEL.DLL C:\WINNT\SYSTEM32\EWLRZT.DLL C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\SVCHOST.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\SVCHOST.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\MMC.EXE C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL C:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL C:\WINNT\SYSTEM32\SKGUSR.DLL C:\WINNT\SYSTEM32\GHOKXW.DLL C:\WINNT\SYSTEM32\QAIZEL.DLL C:\WINNT\SYSTEM32\EWLRZT.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMMC.DLL C:\WINNT\SYSTEM32\SQLUNIRL.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLRESLD.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLMMC.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLNS.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLGUI.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\W95SCM.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLSVC.DLL C:\WINNT\SYSTEM32\ODBCBCP.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMSFC.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMCOMN.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLSVC.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLGUI.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMSFC.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMCOMN.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLNS.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLDMO.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLDMO.RLL C:\WINNT\SYSTEM32\SQLSRV32.DLL C:\WINNT\SYSTEM32\SQLSRV32.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMDLL.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMCROS.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMMAP.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMEXEC.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMWIZ.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMSYS.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMWEBWZ.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMOBJ.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMREPL.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMMAP.RLL C:\WINNT\SYSTEM32\MAPI32.DLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMCROS.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMEXEC.RLL C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMSYS.RLL C:\PROGRAM FILES\
Standard autostart entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
  RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Internat.exe = INTERNAT.EXE
System file associations:
  .exe ==> exefile = "%1" %*
  .com ==> comfile = "%1" %*
  .cmd ==> cmdfile = "%1" %*
  .bat ==> batfile = "%1" %*
  .txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
  .scr ==> scrfile = "%1" /S
  .reg ==> regfile = regedit.exe "%1"
  .doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
Other startup items:
  WIN.INI: (no entries)
  SYSTEM.INI: SHELL = Explorer.exe
Winlogon startup entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  crypt32chain = CRYPT32.DLL
  cryptnet = CRYPTNET.DLL
  cscdll = CSCDLL.DLL
  sclgntfy = SCLGNTFY.DLL
  SensLogn = WLNOTIFY.DLL
  termsrv = WLNOTIFY.DLL
  wzcnotif = WZCDLG.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  Userinit = C:\WINNT\SYSTEM32\USERINIT.EXE,
  shell = EXPLORER.EXE
IE - BHO:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:\Program Files\360safe\safemon\safemon.dll
Winsock SPI:
  MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
  RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
  RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F9F4A9D-458B-4CF2-A398-4B52AF0E934D}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F9F4A9D-458B-4CF2-A398-4B52AF0E934D}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA4578C7-D753-4C78-ACFE-9E1C79C3F6FD}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA4578C7-D753-4C78-ACFE-9E1C79C3F6FD}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{C504B259-47C6-40FB-8FAC-0882838181BB}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
  MSAFD NetBIOS [\Device\NetBT_Tcpip_{C504B259-47C6-40FB-8FAC-0882838181BB}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
System services:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  Alerter = C:\WINNT\SYSTEM32\SERVICES.EXE
  AppMgmt = C:\WINNT\SYSTEM32\SERVICES.EXE
  awhost32 = C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE
  BITS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP
  bjolehv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BJOLEHV
  bndufm = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BNDUFM
  Browser = C:\WINNT\SYSTEM32\SERVICES.EXE
  cisvc = C:\WINNT\SYSTEM32\CISVC.EXE
  ClipSrv = C:\WINNT\SYSTEM32\CLIPSRV.EXE
  cnnbuwv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K CNNBUWV
  Computer Management = C:\WINNT\SYSTEM32\283744064700.EXE
  cztnxu = C:\WINNT\SYSTEM32\SVCHOST.EXE -K CZTNXU
  Dfs = C:\WINNT\SYSTEM32\DFSSVC.EXE
  Dhcp = C:\WINNT\SYSTEM32\SERVICES.EXE
  dmadmin = C:\WINNT\SYSTEM32\DMADMIN.EXE /COM
  dmserver = C:\WINNT\SYSTEM32\SERVICES.EXE
  Dnscache = C:\WINNT\SYSTEM32\SERVICES.EXE
  dvkmzc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K DVKMZC
  elklrg = C:\WINNT\SYSTEM32\SVCHOST.EXE -K ELKLRG
  Eventlog = C:\WINNT\SYSTEM32\SERVICES.EXE
  EventSystem = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  Fax = C:\WINNT\SYSTEM32\FAXSVC.EXE
  gcvdbhv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K GCVDBHV
  huaaefv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K HUAAEFV
  IISADMIN = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
  IsmServ = C:\WINNT\SYSTEM32\ISMSERV.EXE
  kdc = C:\WINNT\SYSTEM32\LSASS.EXE
  lanmanserver = C:\WINNT\SYSTEM32\SERVICES.EXE
  lanmanworkstation = C:\WINNT\SYSTEM32\SERVICES.EXE
  LicenseService = C:\WINNT\SYSTEM32\LLSSRV.EXE
  LmHosts = C:\WINNT\SYSTEM32\SERVICES.EXE
  lxneqa = C:\WINNT\SYSTEM32\SVCHOST.EXE -K LXNEQA
  Messenger = C:\WINNT\SYSTEM32\SERVICES.EXE
  mnmsrvc = C:\WINNT\SYSTEM32\MNMSRVC.EXE
  MSDTC = C:\WINNT\SYSTEM32\MSDTC.EXE
  MSFTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
  MSIServer = C:\WINNT\SYSTEM32\MSIEXEC.EXE /V
  MSSEARCH = "C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE"
  MSSQLSERVER = C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLSERVR.EXE
  muvihov = C:\WINNT\SYSTEM32\SVCHOST.EXE -K MUVIHOV
  NetDDE = C:\WINNT\SYSTEM32\NETDDE.EXE
  NetDDEdsdm = C:\WINNT\SYSTEM32\NETDDE.EXE
  Netlogon = C:\WINNT\SYSTEM32\LSASS.EXE
  Netman = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  NntpSvc = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
  NtFrs = C:\WINNT\SYSTEM32\NTFRS.EXE
  NtLmSsp = C:\WINNT\SYSTEM32\LSASS.EXE
  NtmsSvc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  PlugPlay = C:\WINNT\SYSTEM32\SERVICES.EXE
  PolicyAgent = C:\WINNT\SYSTEM32\LSASS.EXE
  ppxktt = C:\WINNT\SYSTEM32\SVCHOST.EXE -K PPXKTT
  ProtectedStorage = C:\WINNT\SYSTEM32\SERVICES.EXE
  puqdsu = C:\WINNT\SYSTEM32\SVCHOST.EXE -K PUQDSU
  qaizel = C:\WINNT\SYSTEM32\SVCHOST.EXE -K QAIZEL
  RasMan = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  rdrlfmv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RDRLFMV
  RemoteAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  RemoteRegistry = C:\WINNT\SYSTEM32\REGSVC.EXE
  RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
  RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
  RpcLocator = C:\WINNT\SYSTEM32\LOCATOR.EXE
  RpcServ = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSERV
  RpcServer = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSERVER
  RpcSs = C:\WINNT\SYSTEM32\SVCHOST -K RPCSS
  RPCSSss = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSSSS
  RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
  RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
  RSVP = C:\WINNT\SYSTEM32\RSVP.EXE -S
  rxqdhv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RXQDHV
  SamSs = C:\WINNT\SYSTEM32\LSASS.EXE
  SCardDrv = C:\WINNT\SYSTEM32\SCARDSVR.EXE
  SCardSvr = C:\WINNT\SYSTEM32\SCARDSVR.EXE
  Schedule = C:\WINNT\SYSTEM32\MSTASK.EXE
  seclogon = C:\WINNT\SYSTEM32\SERVICES.EXE
  SENS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
  Serv-U = D:\PROGRAM FILES\RHINOSOFT.COM\SERV-U\SERVUDAEMON.EXE
  SharedAccess = C:\WINNT\SYSTEM32\
Cleanup procedure:
Download Filseclab's PowerRmv (费尔木马强力清除助手) from the official site here, tick “抑制文件再生” (suppress file regeneration) and delete: http://dl.filseclab.com/down/powerrmv.zip
Delete:
  c:\winnt\system32\skgusr.dll
  c:\winnt\system32\ghokxw.dll
  c:\winnt\system32\qaizel.dll
  c:\winnt\system32\ewlrzt.dll
Then, in Safe Mode, delete the following services:
[Remoterse Procedure Call (RPCS) / RpcServ][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k RpcServ-->%SystemRoot%\System32\wwggmn.dll><N/A>
[Remoter Procedure Call (RPCS) / RpcServer][Running/Auto Start] <C:\WINNT\system32\svchost.exe -k RpcServer-->%SystemRoot%\System32\typcoa.dll><N/A>
[RPCSSss / RPCSSss][Running/Auto Start] <C:\WINNT\system32\SVCHOST.EXE -k RPCSSss-->%SystemRoot%\System32\jgkwdy.dll><N/A>
[muvihov / muvihov][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k muvihov-->%SystemRoot%\System32\muviho.dll><N/A>
[ppxktt / ppxktt][Stopped/Auto Start] <C:\WINNT\system32\SvChOsT.EXE -k ppxktt-->%SystemRoot%\System32\zoyeox.dll><N/A>
[puqdsu / puqdsu][Running/Auto Start] <C:\WINNT\system32\SVchOst.Exe -k puqdsu-->%SystemRoot%\System32\ghokxw.dll><N/A>
[qaizel / qaizel][Stopped/Auto Start] <C:\WINNT\system32\svchost.exe -k qaizel-->%SystemRoot%\System32\qaizel.dll><N/A>
[Remote Access Auto Connection Manager / RasAuto][Stopped/] <2 - 系统找不到指定的文件。 ><N/A>
[rdrlfmv / rdrlfmv][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k rdrlfmv-->%SystemRoot%\System32\rdrlfm.dll><N/A>
[dvkmzc / dvkmzc][Running/Auto Start] <C:\WINNT\system32\SvCHOsT.eXE -k dvkmzc-->%SystemRoot%\System32\ewlrzt.dll><N/A>
[elklrg / elklrg][Stopped/Auto Start] <C:\WINNT\system32\SVchOst.Exe -k elklrg-->%SystemRoot%\System32\bfkjkk.dll><N/A>
[gcvdbhv / gcvdbhv][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k gcvdbhv-->%SystemRoot%\System32\gcvdbh.dll><N/A>
[huaaefv / huaaefv][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k huaaefv-->%SystemRoot%\System32\huaaef.dll><N/A>
[lxneqa / lxneqa][Stopped/Auto Start] <C:\WINNT\system32\SvChOsT.EXE -k lxneqa-->%SystemRoot%\System32\rmsfye.dll><N/A>
[bjolehv / bjolehv][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k bjolehv-->%SystemRoot%\System32\bjoleh.dll><N/A>
[bndufm / bndufm][Stopped/Disabled] <C:\WINNT\system32\SVchOst.Exe -k bndufm-->%SystemRoot%\System32\yucvfm.dll><N/A>
[cnnbuwv / cnnbuwv][Others/Auto Start] <C:\WINNT\system32\svchost.exe -k cnnbuwv-->%SystemRoot%\System32\cnnbuw.dll><N/A>
[Computer Management / Computer Management][Stopped/Auto Start] <C:\WINNT\system32\283744064700.exe><N/A>
[cztnxu / cztnxu][Stopped/Auto Start] <C:\WINNT\system32\SvChOsT.EXE -k cztnxu-->%SystemRoot%\System32\zquxcf.dll><N/A>
Delete the following files:
  C:\WINNT\system32\setup.exe
  \SystemRoot\System32\Drivers\dtscsi.sys
  c:\winnt\system32\bazojt.dll
  c:\winnt\system32\skgusr.dll
  c:\winnt\system32\ghokxw.dll
  c:\winnt\system32\ewlrzt.dll
  C:\WINNT\system32\SvCHOsT.eXE
  c:\winnt\system32\typcoa.dll
  c:\winnt\system32\jgkwdy.dll
  c:\winnt\system32\skgusr.dll
Repair the file associations and the HOSTS table.