盼盼磕头 - 2008-2-23 5:44:00
Analysis of a virus from an unknown family
Scan results:
No suspicious files
Active system processes
C:\WINDOWS\SYSTEM32\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\QFSHELL.DLL
C:\WINDOWS\533931MM.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\DOCUMENTS AND SETTINGS\XY\桌面\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\NILUW.DLL
C:\WINDOWS\SYSTEM32\GNAIXNAUHQQ.DLL
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL
C:\WINDOWS\SYSTEM32\MNAUYGNIQAIXNAIJ.DLL
C:\WINDOWS\SYSTEM32\HJIQ.DLL
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\SYSTEM32\CUHAD.DLL
C:\WINDOWS\SYSTEM32\TSQC.DLL
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL
C:\WINDOWS\SYSTEM32\LAIXUHZ.DLL
C:\WINDOWS\SYSTEM32\QLIHZOUHGNFE.DLL
C:\WINDOWS\SYSTEM32\SAUHAD.DLL
C:\WINDOWS\SYSTEM32\OAIJIHZEUYOUHZ.DLL
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\SYSTEM32\INTERNAT.EXE
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\RHLVESCU.EXE
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\CMD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\SYSTEM32\CUHAD.DLL
C:\WINDOWS\SYSTEM32\LAIXUHZ.DLL
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\WINWB86.IME
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9C.OCX
Standard autostart entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Qfrun = C:\WINDOWS\SYSTEM32\QFRUN.EXE
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
MsIMMs32 = C:\WINDOWS\MSIMMS32.EXE
upxdnd = C:\WINDOWS\UPXDND.EXE
WinSysM = C:\WINDOWS\533931M.EXE
cmdbcs = C:\WINDOWS\CMDBCS.EXE
PTSShell = C:\WINDOWS\PTSSHELL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ciivgmhsg = CIIVGMHSG.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
FlashPlayerUpdate = C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9C.EXE
System file associations
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
Other startup entries
WIN.INI
No information
SYSTEM.INI
SHELL = Explorer.exe
Winlogon startup entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
DfLogon = LOGONDLL.DLL
NavLogon = C:\WINDOWS\SYSTEM32\NAVLOGON.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\DRIVERS\US51848.BAT,
shell = EXPLORER.EXE
IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} = C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys
Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD nwlnkipx [IPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0C49788-20B3-43E2-8243-505F4D32FA00}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0C49788-20B3-43E2-8243-505F4D32FA00}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25AFDC2D-6FCC-4B88-B83E-6B1D4A878276}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25AFDC2D-6FCC-4B88-B83E-6B1
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
lqqk7 - 2008-2-25 15:48:00
Clean the system with Windows清理助手 (Windows Cleanup Assistant).
Windows清理助手 download page:
http://www.arswp.com/download.html

Then scan with System Repair Engineer and upload the resulting log as an attachment.
Download page:
http://kztechs.com/sreng/download.html
Procedure:
1. After downloading, unzip sreng2.zip;
2. Run SREngPS.EXE;
3. Click [Smart Scan], then [Scan];
4. Wait patiently; when the scan finishes, click [Save Report];
5. Choose a save location, keep the default file name, and click [Save];
6. Open the saved log file SREngLOG.log, copy its entire contents, create a new text document, and paste everything from the log into "New Text Document.txt";
7. Upload "New Text Document.txt" as an attachment, and be sure to describe the symptoms in detail; if there is a virus that cannot be fully removed, be sure to give the virus name and path.
Note: before scanning, close QQ, games, download tools, media players and other applications as far as possible.