帮帮我~~客服几天也没解决问题,日志以上传 bbs.ikaka.com

富贵海棠 - 2006-11-9 12:13:00

未知家族病毒分析
扫描结果:
无可疑文件

系统活动进程
H:\TDDOWNLOAD\RSDETECT.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\YCLICKON.DLL
C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\3721\ALREX.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASSIST.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL

C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YNOTIFIER.DLL

C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YASSECBLK.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YMENUINFO.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YIEANGEL.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YASMENU.DLL

D:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
D:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
D:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
D:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
D:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
D:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
D:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\E_FLMAIP.DLL

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
D:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
D:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\NOTIFIER.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\3721\SCRBLOCK.DLL
C:\PROGRA~1\3721\ALREX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YSCRBLOCK.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\YCLICKON.DLL
C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\WINDOWS\DOWNLO~1\CNSHINT.DLL
C:\PROGRA~1\3721\AUTOLIVE.DLL
C:\PROGRA~1\3721\ALLIVEEX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\WINDOWS\DOWNLO~1\CNSPLUS.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YANGLING.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASSIST.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9.OCX

C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\REGSVR32.EXE
C:\PROGRA~1\3721\HELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPATCH.DLL
C:\WINDOWS\DOWNLO~1\CNSMIN.DLL
C:\WINDOWS\SYSTEM32\DLLREG.DLL

富贵海棠 - 2006-11-9 12:14:00

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R230 Series = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON STYLUS PHOTO R230 SERIES" /O6 "USB001" /M "STYLUS PHOTO R230"
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
CnsMin = RUNDLL32.EXE C:\WINDOWS\DOWNLO~1\CNSMIN.DLL,RUNDLL32
YLive.exe = C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
yassistse = "C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE"
IMJPMIG8.1 = C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
SoundMan = SOUNDMAN.EXE
RfwMain = "D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
REGSHAVE = C:\PROGRAM FILES\REGSHAVE\REGSHAVE.EXE /AUTORUN
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
NvCplDaemon = RUNDLL32.EXE NVQTWK,NVCPLDAEMON INITIALIZE
NeroCheck = C:\WINDOWS\SYSTEM32\\NEROCHECK.EXE
helper.dll = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\PROGRA~1\3721\HELPER.DLL,RUNDLL32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE" /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealUpdate = C:\PROGRAM FILES\COMMON FILES\UPDATE\REAL.EXE
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE

AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =

系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
C:\Autorun.inf
AUTORUN = xiaoshen.exe

D:\Autorun.inf
AUTORUN = xiaoshen.exe

F:\Autorun.inf
AUTORUN = xiaoshen.exe

G:\Autorun.inf
AUTORUN = xiaoshen.exe

H:\Autorun.inf
AUTORUN = xiaoshen.exe

WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE

IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\System32\xunleibho_v11.dll
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
{38928D50-8A48-44C2-945F-D2F23F771410} = C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = d:\Program Files\Tencent\QQ\QQIEHelper.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:\WINDOWS\downlo~1\CnsHook.dll
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} = C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{33C14E13-8A6C-480F-AB42-CEB841D2BB0C}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{33C14E13-8A6C-480F-AB42-CEB841D2BB0C}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7EF5348-3F19-4B72-9D2F-0CC966829CF4}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7EF5348-3F19-4B72-9D2F-0CC966829CF4}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{133C252D-663A-4DF7-BC82-FA6AA9FF6089}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{133C252D-663A-4DF7-BC82-FA6AA9FF6089}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{85ED8710-A691-489D-9681-2869F0A821B4}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{85ED8710-A691-489D-9681-2869F0A821B4}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA9E7775-2E2B-4B8A-9BB2-0CC493DCCD1F}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA9E7775-2E2B-4B8A-9BB2-0CC493DCCD1F}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A2CB6C5-5053-4CD5-8465-53208701DE02}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A2CB6C5-5053-4CD5-8465-53208701DE02}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cisvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = D:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = D:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{3EF4056B-78AA-4BC6-B51A-74825FF72271}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

富贵海棠 - 2006-11-9 12:15:00

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
401406 = C:\WINDOWS\SYSTEM32\DRIVERS\401406.SYS
a0 = C:\WINDOWS\SYSTEM32\DRIVERS\401406.SYS
ac97intc = C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
cdawdm = C:\WINDOWS\SYSTEM32\DRIVERS\CDAWDM.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = D:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mProcRs = D:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
New0 = C:\WINDOWS\SYSTEM32\NEW.SYS
npkcrypt = D:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
nv4 = C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
R2A = C:\WINDOWS\SYSTEM32A2.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RsFwDrv = D:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RSPPSYS = C:\PROGRAM FILES\RISING\RAV\RSPPSYS.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SONYPVU1 = C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbprint = C:\WINDOWS\SYSTEM32\DRIVERS\USBPRINT.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS

瑞星卡卡安全论坛