瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 举报新病毒!百度里查不到此进程的!
qinyangwen - 2006-11-23 16:48:00
未知家族病毒分析
扫描结果:
C:\Windows\system32\LSYGNTA.EXE --> 与 Trojan.QQMSG.MsgSender 40%相似.


系统活动进程
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\NVIDIA CORPORATION\NVMIXER\NVMIXERTRAY.EXE
C:\PROGRAM FILES\NVIDIA CORPORATION\NVMIXER\NVMIXERENU.DLL
C:\PROGRAM FILES\COMMON FILES\NVIDIA SHARED\AUDIO\NVAUDIOMOD.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE
C:\WINDOWS\SYSTEM32\LSYGNTA.EXE
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\DAEMON TOOLS\DAEMON.EXE
C:\PROGRAM FILES\DAEMON TOOLS\DAEMON.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PFCTOC.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PLUGINS\IMAGES\BW5MOUNT.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PLUGINS\IMAGES\CCDMOUNT.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PLUGINS\IMAGES\MDSMOUNT.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PLUGINS\IMAGES\NRGMOUNT.DLL
C:\PROGRAM FILES\DAEMON TOOLS\PLUGINS\IMAGES\PDIMOUNT.DLL

C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SYSTEM32\VM31BPRP.AX

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDSXX.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDXXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE
C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\ENGINE.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRA~1\DVDIDL~1\DVDSHELL.DLL
C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\SHELLEXECUTEHOOK.DLL
C:\PROGRA~1\WINDOW~2\WMPBAND.DLL
C:\WINDOWS\SYSTEM32\WPDSHSERVICEOBJ.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICETYPES.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MFC71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCR71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MFC71CHS.DLL
C:\WINDOWS\SYSTEM32\QYELTZFMR.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_002.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\NWCJPXCJ.DLL
C:\PROGRAM FILES\NERO\NERO 7\NERO BACKITUP\NBSHELL.DLL
C:\PROGRAM FILES\NERO\NERO 7\NERO BACKITUP\MFC71U.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\CONTEXT.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL

C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\UPDATEDOWNLOAD.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\DOWNLOAD_INTERFACE.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\LOG4CPLUS.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\STLPORT_VC646.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\ASYN_DNS.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\MSGMANAGE.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\HISTORYINFO_MANAGE.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\REGISTERDLL.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\FLOATBAR.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PLUGINS\TINGTING\TINGTING.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\IEMBEDSHELL.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\IEMBED04.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\P4PCLIENT\P4PCLIENT.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRA~1\DVDIDL~1\DVDSHELL.DLL
C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\SHELLEXECUTEHOOK.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\ITARGETAD.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MFPLAT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\WMVDECOD.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\CFOSSPEED\SPD.EXE
C:\DOCUMENTS AND SETTINGS\QINYANGWEN\桌面\软件\DOWNBANK061023 PRCMGR\PRCMGR\PRCMGR.EXE
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
C:\WINDOWS\SYSTEM32\VB6CHS.DLL
C:\WINDOWS\SYSTEM32\DAO360.DLL
C:\WINDOWS\SYSTEM32\COMCTL32.OCX
C:\WINDOWS\SYSTEM32\MSCOMCTL.OCX

附件: 79099620061123163955.JPG
qinyangwen - 2006-11-23 16:49:00
C:\WINDOWS\SYSTEM32\CONIME.EXE
F:\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\LSYGNTA.EXE
F:\BT发动机\BTENGINE\BTENGINE.EXE
C:\PROGRAM FILES\NETSOFT\P2POVER\P2POVER.EXE
C:\WINDOWS\SYSTEM32\WPCAP.DLL
C:\WINDOWS\SYSTEM32\PTHREADVC.DLL
C:\WINDOWS\SYSTEM32\PACKET.DLL
C:\PROGRAM FILES\NETSOFT\P2POVER\DBDLL.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\KAKATOOL.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V13.DLL
C:\WINDOWS\SYSTEM32\QYELTZFMR.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_002.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL

C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE
C:\PROGRAM FILES\BITCOMET\DBGHELP.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
MSPY2002 = C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE /SYNC
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
NVMixerTray = "C:\PROGRAM FILES\NVIDIA CORPORATION\NVMIXER\NVMIXERTRAY.EXE"
cFosSpeed = C:\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE
DAEMON Tools = "C:\PROGRAM FILES\DAEMON TOOLS\DAEMON.EXE" -LANG 1033
NeroFilterCheck = C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NEROCHECK.EXE
BigDogPath = C:\WINDOWS\VM_STI.EXE VIMICRO USB PC CAMERA
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
ATIPTA = C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
systemdll = REGSVR32 /S C:\WINDOWS\SYSTEM32\SYSTEM.DLL
!ewido = "C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE" /MINIMIZED

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
system = C:\WINDOWS\SYSTEM32\SYSTEM.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,C:\WINDOWS\SYSTEM32\IEXPLORE.EXE
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\system32\xunleibho_v13.dll
{6A84F9D8-2604-4AAD-891F-866A9B4776B9} = C:\WINDOWS\system32\QYELTZFMR.DLL
{6A84F9D8-2604-4AAD-891F-866A9B4776B9}? = NULL
{889D2FEB-5411-4565-8998-1DD2C5261283} = C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9A25328-298C-4EDD-B004-9BECA25A2135}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9A25328-298C-4EDD-B004-9BECA25A2135}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{34606E5F-282D-4F5D-A53B-1CD16EA2C788}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{34606E5F-282D-4F5D-A53B-1CD16EA2C788}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{80C03518-219D-4E24-AC76-1264AA6A55A7}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{80C03518-219D-4E24-AC76-1264AA6A55A7}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{742A6B6A-28DA-4FAB-B617-FB475FBEAC73}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{742A6B6A-28DA-4FAB-B617-FB475FBEAC73}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B95C210-4C25-48DB-B2BE-7CAAA651C6A0}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B95C210-4C25-48DB-B2BE-7CAAA651C6A0}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
qinyangwen - 2006-11-23 16:49:00
系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
ATI Smart = C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cFosSpeedS = "C:\PROGRAM FILES\CFOSSPEED\SPD.EXE" -SERVICE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ewido anti-spyware 4.0 guard = C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
InterNetS = C:\WINDOWS\SYSTEM32\LSYGNTA.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
Mysee2_Runtime = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K MYSEE2
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RealPlayZ = C:\WINDOWS\SYSTEM32\LSZFNTZ.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
rpcapd = "%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{56874C56-9E8D-4A10-A859-0C7A1271B520}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VMwvare = C:\WINDOWS\SYSTEM32\LSYGNTA.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
WMPNetworkSvc = C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WudfSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
qinyangwen - 2006-11-23 16:50:00
系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AmdK7 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK7.SYS
Arp1394 = C:\WINDOWS\SYSTEM32\DRIVERS\ARP1394.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
cFosSpeed = C:\WINDOWS\SYSTEM32\DRIVERS\CFOSSPEED.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
dtscsi = C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
ewido anti-spyware 4.0 driver = C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
NIC1394 = C:\WINDOWS\SYSTEM32\DRIVERS\NIC1394.SYS
NPF = C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
npkycryp = C:\PROGRAM FILES\TENCENT\QQ\NPKYCRYP.SYS
nvatabus = C:\WINDOWS\SYSTEM32\DRIVERS\NVATABUS.SYS
nvax = C:\WINDOWS\SYSTEM32\DRIVERS\NVAX.SYS
nvnforce = C:\WINDOWS\SYSTEM32\DRIVERS\NVAPU.SYS
nv_agp = C:\WINDOWS\SYSTEM32\DRIVERS\NV_AGP.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
ohci1394 = C:\WINDOWS\SYSTEM32\DRIVERS\OHCI1394.SYS
p2pfilter = C:\PROGRAM FILES\NETSOFT\P2POVER\P2PFILTER.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RsAntiSpyware = C:\WINDOWS\SYSTEM32\DRIVERS\RSBOOT.SYS
RSPPSYS = C:\PROGRAM FILES\RISING\RAV\RSPPSYS.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
ScsiPort = C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sfdrv01 = C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS
sfhlp02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS
sfsync02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS
sfvfs02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFVFS02.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
WudfPf = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFPF.SYS
WudfRd = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFRD.SYS
XScanPF = F:\HACK\工具\扫描\X-SCAN-V3.3-CN\X-SCAN-V3.3\DAT\XPF.SYS
ZSMC301b = C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS

qinyangwen - 2006-11-23 16:53:00
症状是鼠标过一段时间自己动,还在里面乱点!
1
查看完整版本: 举报新病毒!百度里查不到此进程的!
© 2000 - 2026 Rising Corp. Ltd.