未知家族病毒分析
扫描结果:
C:\DOCUME~1\vaio\LOCALS~1\Temp\~2.tmp.exe --> 与 Worm.Bobic 78%相似.
C:\WINDOWS\System32\spooIsv.exe --> 与 Backdoor.IRCbot 94%相似.


系统活动进程
C:\WINDOWS\SYSTEM32\ICO.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\DOCUME~1\VAIO\LOCALS~1\TEMP\~2.TMP.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
D:\PROGRA~1\3721\SKE\CONTMENU.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\PROGRA~1\FTC\COMMENU.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\MSVCR71.DLL
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\MSVCP71.DLL

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM32\ATRPUIXX.CHS
C:\WINDOWS\SYSTEM32\ATIPDSXX.DLL

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM32\SYNTPAPI.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKRES.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\JOG DIAL UTILITY\JOGDIAL.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SONY UTILITIES\SNYUTILS.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SXBIOS\SXBIOS.DLL

C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\JOGSERV2.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\COMCENTER.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\JOGLOCALE.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\STATEMGR.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\VIEW.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\TRAYICON.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\REMOCON.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\SOUND.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\INDCTR.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\SETTING.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SONY UTILITIES\SNYUTILS.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SXBIOS\SXBIOS.DLL

D:\易发\BIN\YFDOWN.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\DAEMON.DLL
C:\PROGRAM FILES\D-TOOLS\PFCTOC.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\BW5MOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\CCDMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\MDSMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\NRGMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\PDIMOUNT.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE
C:\PROGRAM FILES\SKYNET\FIREWALL\SKYMISC.DLL
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SPOOISV.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL

C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\UILIBRARY\UILIB.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\UILIBRARY\TASTES\GOLD.DLL
C:\PROGRAM FILES\POWERPANEL\PROGRAM\ENGPM.DLL
C:\PROGRAM FILES\POWERPANEL\PROGRAM\PMDM.DLL
C:\PROGRAM FILES\POWERPANEL\PROGRAM\ENGDM.DLL
C:\PROGRAM FILES\POWERPANEL\PROGRAM\PTLACPI.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SONY UTILITIES\SNYUTILS.DLL
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\SXBIOS\SXBIOS.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\POWERPANEL\PROGRAM\BSACPICM.DLL
C:\PROGRAM FILES\POWERPANEL\PROGRAM\BSNTSBS.DLL

C:\DOCUMENTS AND SETTINGS\VAIO\MY DOCUMENTS\RSDETECT.EXE
C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\WMHOOK.DLL
C:\WINDOWS\SYSTEM32\SYNTPFCS.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
ATIModeChange = ATI2MDXX.EXE
AtiPTA = ATIPTAXX.EXE
SynTPLpr = C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
SynTPEnh = C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
HKSERV.EXE = C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
JOGSERV2.EXE = C:\PROGRAM FILES\SONY\JOG DIAL NAVIGATOR\JOGSERV2.EXE
IMEKRMIG6.1 = C:\WINDOWS\IME\IMKR6_1\IMEKRMIG.EXE
yfdown = D:\易发\BIN\YFDOWN.EXE
DAEMON Tools-1033 = "C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE" -LANG 1033
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
SKYNET Personal FireWall = C:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE
Spooler SubSystem App = C:\WINDOWS\SYSTEM32\SPOOISV.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B2BB133F-FFDC-46CC-8E91-5C72183F043B}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B2BB133F-FFDC-46CC-8E91-5C72183F043B}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89BC8E2E-544B-48F2-BD84-38E93207BD69}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89BC8E2E-544B-48F2-BD84-38E93207BD69}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

MSAFD NetBIOS [\Device\NetBT_Tcpip_{79034894-27ED-4FB9-9EBB-0DF2A3496B4A}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{79034894-27ED-4FB9-9EBB-0DF2A3496B4A}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{59C983B4-C67D-48DB-8B42-6DF7FED2408B}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{59C983B4-C67D-48DB-8B42-6DF7FED2408B}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F0B5A62-D921-470A-86E0-E1129B7AA83C}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F0B5A62-D921-470A-86E0-E1129B7AA83C}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{12B60E06-B086-46BB-9A0B-CCC2138C16BD}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{12B60E06-B086-46BB-9A0B-CCC2138C16BD}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C9A0C7F-25E6-4C2E-891C-E8A62BF18901}] SEQPACKET 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C9A0C7F-25E6-4C2E-891C-E8A62BF18901}] DATAGRAM 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cisvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LightScribeService = C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
SPTISRV = C:\PROGRAM FILES\COMMON FILES\SONY SHARED\AVLIB\SPTISRV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{78EF6B75-F228-4530-BB40-BD20796B966F}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UleadBurningHelper = C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

WmdmPmSp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
61883 = C:\WINDOWS\SYSTEM32\DRIVERS\61883.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
ACPIEC = C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
AIT800AV = C:\WINDOWS\SYSTEM32\DRIVERS\AIT800V.SYS
Arp1394 = C:\WINDOWS\SYSTEM32\DRIVERS\ARP1394.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
Avc = C:\WINDOWS\SYSTEM32\DRIVERS\AVC.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
BulkUsb = C:\WINDOWS\SYSTEM32\DRIVERS\USBSYNC.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
CmBatt = C:\WINDOWS\SYSTEM32\DRIVERS\CMBATT.SYS
Compbatt = C:\WINDOWS\SYSTEM32\DRIVERS\COMPBATT.SYS
d344bus = C:\WINDOWS\SYSTEM32\DRIVERS\D344BUS.SYS
d344prt = C:\WINDOWS\SYSTEM32\DRIVERS\D344PRT.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
DMICall = C:\WINDOWS\SYSTEM32\DRIVERS\DMICALL.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
E100B = C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fallback = C:\WINDOWS\SYSTEM32\DRIVERS\FALLBACK.SYS
Fsks = C:\WINDOWS\SYSTEM32\DRIVERS\FSKSNT.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
GPKiller = C:\WINDOWS\SYSTEM32\DRIVERS\GPKILLER.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Ich = C:\WINDOWS\SYSTEM32\DRIVERS\ICH.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
K56 = C:\WINDOWS\SYSTEM32\DRIVERS\K56NT.SYS
k750bus = C:\WINDOWS\SYSTEM32\DRIVERS\K750BUS.SYS
k750mdfl = C:\WINDOWS\SYSTEM32\DRIVERS\K750MDFL.SYS
k750mdm = C:\WINDOWS\SYSTEM32\DRIVERS\K750MDM.SYS
k750obex = C:\WINDOWS\SYSTEM32\DRIVERS\K750OBEX.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
mdmxsdk = C:\WINDOWS\SYSTEM32\DRIVERS\MDMXSDK.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
MSDV = C:\WINDOWS\SYSTEM32\DRIVERS\MSDV.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
NIC1394 = C:\WINDOWS\SYSTEM32\DRIVERS\NIC1394.SYS
npkcrypt = D:\ENGLISH\QQ\NPKCRYPT.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
ohci1394 = C:\WINDOWS\SYSTEM32\DRIVERS\OHCI1394.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
Pcmcia = C:\WINDOWS\SYSTEM32\DRIVERS\PCMCIA.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
PxHelp20 = C:\WINDOWS\SYSTEM32\DRIVERS\PXHELP20.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
Rksample = C:\WINDOWS\SYSTEM32\DRIVERS\RKSAMPLE.SYS
Rtvcan = C:\WINDOWS\SYSTEM32\RTVCAN.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
Sfloppy = C:\WINDOWS\SYSTEM32\DRIVERS\SFLOPPY.SYS
SKNFW = C:\WINDOWS\SYSTEM32\DRIVERS\SKNFW.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
SNC = C:\WINDOWS\SYSTEM32\DRIVERS\SONYNC.SYS
SoftFax = C:\WINDOWS\SYSTEM32\DRIVERS\FAXNT.SYS
SPI = C:\WINDOWS\SYSTEM32\DRIVERS\SONYPI.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
SynTP = C:\WINDOWS\SYSTEM32\DRIVERS\SYNTP.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Tones = C:\WINDOWS\SYSTEM32\DRIVERS\TONESNT.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbscan = C:\WINDOWS\SYSTEM32\DRIVERS\USBSCAN.SYS
usbstor = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
V124 = C:\WINDOWS\SYSTEM32\DRIVERS\V124NT.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WDM_YAMAHAAC97 = C:\WINDOWS\SYSTEM32\DRIVERS\YACXGC.SYS
winachsf = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS

希望大虾们帮我解决啊,谢谢了

现在不断有~X.exe访问网络啊,大家帮帮忙啊.

这里还有日志

Logfile of HijackThis v1.99.1
Scan saved at 0:17:40, on 2006-8-9
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
D:\易发\bin\yfdown.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\spooIsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vaio\桌面\ha_hijackthis_1991\HijackThis.exe

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [yfdown] D:\易发\bin\yfdown.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [sXHa]_H\gULXQSVYuNTT] C:\WINDOWS\System32\zlapavcpad.exe
O4 - HKLM\..\RunServices: [sXHa]_H\gULXQSVYuNTT] C:\WINDOWS\System32\zlapavcpad.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - D:\english\jgkk\IEPlugin.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - D:\english\jgkk\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/cn/
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_admin88&url=http://client.jogo.cn/download/cnnic/cdn.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9A0C7F-25E6-4C2E-891C-E8A62BF18901}: NameServer = 202.96.128.86 202.96.134.133
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

怎么没人理我呢?好失落啊.