瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求救!!!!!!!求救!!!!!!!!!

1   1  /  1  页   跳转

求救!!!!!!!求救!!!!!!!!!

收藏
阿闷
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-09-09
  • 来自:
发表于: 2007-09-09 18:28 | 只看楼主 短消息 资料
字号: 1楼

求救!!!!!!!求救!!!!!!!!!

我的电脑中了个病毒,一连接网络就开始往我电脑下栽病毒,瑞星也不停的弹出发现病毒的信号,过段时间后就会弹出一个窗口,说一个叫114.exe的文件遇到问题后需要关闭,然后病毒警告就停止了,但过段时间后就又开始了。我用升到最高级的瑞星2007杀了N次都找不到病毒的根,进入安全模式也查不出什么。
  光是9月8号一天我就杀了4万多个病毒,病毒名称都带有WIN32什么什么的。
  希望大家能帮帮我,我不想重装系统,谢谢了!

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2007-09-09 18:44:01
分享到:
gototop
 
阿闷
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-09-09
  • 来自:
发表于: 2007-09-09 18:49 | 只看楼主 短消息 资料
字号: 2楼

未知家族病毒分析
扫描结果:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\118.exe --> 与 Trojan.PSW.WoWar 46%相似.

系统活动进程
D:\RSDETECT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CMD.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WUPS2.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\PNKBSTRB.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\HPZLL4PI.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\HPZPP4PI.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RSV10.TMP
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DSBHO_00.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\THUNDER\PROGRAM\THUNDER5.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
D:\THUNDER\PROGRAM\TASKMANAGER.DLL
D:\THUNDER\PROGRAM\DOWNLOAD_INTERFACE.DLL
D:\THUNDER\PROGRAM\STLPORT_VC646.DLL
D:\THUNDER\PROGRAM\ASYN_DNS.DLL
D:\THUNDER\PROGRAM\ITARGETAD.DLL
D:\THUNDER\PROGRAM\BHOSTUB.DLL
D:\THUNDER\PROGRAM\FLOATBAR.DLL
D:\THUNDER\COMPONENTS\DOWNANDPLAY\DOWNANDPLAY.DLL
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9C.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\THUNDER\COMPONENTS\INMEDIA\IEMBEDSHELL.DLL
D:\THUNDER\COMPONENTS\INMEDIA\IEMBED10.DLL
D:\THUNDER\COMPONENTS\COMMUNITY\XLCOMMUNITY.DLL
D:\THUNDER\PROGRAM\REGISTERDLL.DLL
D:\THUNDER\PROGRAM\MSVCIRT.DLL
D:\THUNDER\COMPONENTS\SECURITY\THUNDERSAFE.DLL
D:\THUNDER\PROGRAM\XLNET.DLL
D:\THUNDER\COMPONENTS\SEARCH\XLSEARCH.DLL
D:\THUNDER\COMPONENTS\P4PCLIENT\P4PCLIENT.DLL
D:\THUNDER\PROGRAM\LIVEUPDATE.DLL
D:\THUNDER\PLUGINS\BHOADV\BHO_ADV.DLL
D:\THUNDER\COMPONENTS\DOWNLOADSTAT\DOWNLOADSTAT.DLL
D:\THUNDER\COMPONENTS\EXPLORERHELPER\EXPLORERHELPER.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
D:\THUNDER\COMPONENTS\DOWNANDPLAY\DAPPLAYER_NOW.DLL
D:\THUNDER\COMPONENTS\TIPS\TIPSCLIENT.DLL
D:\THUNDER\COMPONENTS\VPSHELL\VPSHELL.DLL
D:\THUNDER\COMPONENTS\VPSHELL\VIDEOPICTURE.DLL
D:\THUNDER\COMPONENTS\USEREXPERIENCE\USEREXPERIENCE.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DSXLCOM.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
D:\THUNDER\COMPONENTS\RESWORKER\MEDIAWORKER.DLL
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL
C:\PROGRAM FILES\RISING\RFW\RSXML.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\SHLHOOK.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\SYSTEM6.INS
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.WIN
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\WINDOWS\RICHDLL.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL
D:\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DSBHO_00.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\WINDOWS\LOGO1_.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\RUNIEP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\118.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
D:\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DSBHO_00.DLL
D:\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
C:\PROGRAM FILES\RISING\KAKATOOLBAR\IEPROT.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE32.SYS
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9C.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL
C:\WINDOWS\RICHDLL.DLL

普通自启动项

系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
E:\Autorun.inf
AUTORUN = AutoRun.exe
WIN.INI
无信息
SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\JOGABO~1.SCR
gototop
 
阿闷
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-09-09
  • 来自:
发表于: 2007-09-09 18:51 | 只看楼主 短消息 资料
字号: 3楼



Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE

IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233} = D:\Thunder\ComDlls\TDAtOnce_Now.dll
{6E28339A-7A2A-47B6-AEB2-197004272379} = D:\Thunder\ComDlls\xunleiBHO_Now.dll
{6E28339B-7A2A-47B6-AEB2-197004272379} = C:\WINDOWS\vchelper.dll

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD Tcpip [TCP/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E72C035-0890-48DA-A436-1C8813441583}] SEQPACKET 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E72C035-0890-48DA-A436-1C8813441583}] DATAGRAM 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8972A345-5153-4C0D-9D2C-D3BECCB36968}] SEQPACKET 8 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8972A345-5153-4C0D-9D2C-D3BECCB36968}] DATAGRAM 8 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{67B4864C-B936-45ED-BE91-8A25772BF96D}] SEQPACKET 9 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{67B4864C-B936-45ED-BE91-8A25772BF96D}] DATAGRAM 9 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A4C4F496-2486-42D7-8C66-98178B1C4995}] SEQPACKET 10 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A4C4F496-2486-42D7-8C66-98178B1C4995}] DATAGRAM 10 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{67B4864C-B936-45ED-BE91-8A25772BF96D}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{67B4864C-B936-45ED-BE91-8A25772BF96D}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8972A345-5153-4C0D-9D2C-D3BECCB36968}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8972A345-5153-4C0D-9D2C-D3BECCB36968}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E72C035-0890-48DA-A436-1C8813441583}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E72C035-0890-48DA-A436-1C8813441583}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{565A63C0-1F20-4071-875F-6D96975FFC4F}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{565A63C0-1F20-4071-875F-6D96975FFC4F}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{75D6A6C8-080F-49D1-B8DF-8B79FF7CFC55}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{75D6A6C8-080F-49D1-B8DF-8B79FF7CFC55}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{655A92E5-C3DE-4136-805C-921CB2FA89D5}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{655A92E5-C3DE-4136-805C-921CB2FA89D5}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{67A6DA1F-EF54-4D52-A956-F28C893B382F}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{67A6DA1F-EF54-4D52-A956-F28C893B382F}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
6to4 = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Adobe LM Service = "C:\PROGRAM FILES\COMMON FILES\ADOBE SYSTEMS SHARED\SERVICE\ADOBELMSVC.EXE"
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
ATI Smart = C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
Pml Driver HPZ12 = C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
PnkBstrA = C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
PnkBstrB = C:\WINDOWS\SYSTEM32\PNKBSTRB.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{340FA70C-B299-4377-918A-E4AFF0B6AC26}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
usprserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
gototop
 
阿闷
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-09-09
  • 来自:
发表于: 2007-09-09 18:53 | 只看楼主 短消息 资料
字号: 4楼



文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
ATICDSDr = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\{1735A~1\ATIICDXX.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
EagleNT = C:\WINDOWS\SYSTEM32\DRIVERS\EAGLENT.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HDAudBus = C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
hidusb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = C:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntcAzAudAddService = C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kdngnck = C:\WINDOWS\SYSTEM32\DRIVERS\KDNGNCK.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
mProcRs = C:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
npkcrypt = D:\QQ\NPKCRYPT.SYS
npkycryp = D:\TENCENT\QQ\NPKYCRYP.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PnkBstrK = C:\WINDOWS\SYSTEM32\DRIVERS\PNKBSTRK.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RsAntiSpyware = C:\WINDOWS\SYSTEM32\DRIVERS\RSBOOT.SYS
RsFwDrv = C:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RsNTGDI = C:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS
RSPPSYS = C:\PROGRAM FILES\RISING\RAV\RSPPSYS.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
Tcpip6 = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP6.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
tunmp = C:\WINDOWS\SYSTEM32\DRIVERS\TUNMP.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbccgp = C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
usbprint = C:\WINDOWS\SYSTEM32\DRIVERS\USBPRINT.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
XDva013 = C:\WINDOWS\SYSTEM32\XDVA013.SYS
gototop
 
阿闷
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-09-09
  • 来自:
发表于: 2007-09-09 18:54 | 只看楼主 短消息 资料
字号: 5楼

我用瑞星听诊器扫了个日志  不知道行不
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT