未知家族病毒分析 扫描结果: 无可疑文件（注：“无可疑文件”是扫描工具的自动判定，不是人工分析结论。日志本身包含若干需人工核实的迹象：1) C:\WINDOWS\SYSTEM32 下的 DVG.DLL、VNY.DLL、HZK.DLL 三个非 Windows 自带、名称无明显含义的 DLL 被加载进 CONIME、TSVNCACHE、WSCNTFY、WSCRIPT、CCAPP、VPTRAY、HTPATCH、CTFMON、IPWHIZ 等交互桌面下的多数进程，却不出现在 SMSS/CSRSS/WINLOGON/SERVICES/LSASS 等服务型进程中，这种分布与全局钩子（SetWindowsHookEx）注入相符；而下文 AppInit_DLLs 为空，说明注入并非来自该键；2) HKLM\...\policies\Explorer\Run 下有一条 IMAGE = .VBE 的启动项，且进程列表中正有 WSCRIPT.EXE 在运行；3) 来源不明的 F:\SOFT\T-Z-Q\1234.EXE 正在运行。建议先核对上述文件的数字签名与哈希并做多引擎检测，再决定是否采信“无可疑文件”的结论。） 系统活动进程 C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE C:\WINDOWS\SYSTEM32\CBA.DLL C:\WINDOWS\SYSTEM32\MSGSYS.DLL C:\WINDOWS\SYSTEM32\NTS.DLL C:\WINDOWS\SYSTEM32\PDS.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\NAVLU.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\I2LDVP3.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\ECMLDR32.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRT32.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\NAVNTUTL.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080709.003\ECMSVR32.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080709.003\NAVEX32A.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080709.003\NAVENG32.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\IMAIL.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\NOTESEXT.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPMSECE2.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DECSDK.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2ID.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2ZIP.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2SS.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2GZIP.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2CAB.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2LHA.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2ARJ.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2TNEF.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2LZ.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2AMG.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2TAR.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2RTF.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEC2TEXT.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\SCANDLGS.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFUTDCS.DLL C:\WINDOWS\SYSTEM32\CONIME.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\ALG.EXE C:\WINDOWS\SYSTEM32\SMSS.EXE C:\WINDOWS\SYSTEM32\CSRSS.EXE C:\WINDOWS\SYSTEM32\WINLOGON.EXE C:\WINDOWS\SYSTEM32\SSMWINLOGONEX.DLL C:\WINDOWS\SYSTEM32\NAVLOGON.DLL C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\SERVICES.EXE C:\WINDOWS\SYSTEM32\LSASS.EXE 
D:\PROGRAMFILES\TORTOISESVN\BIN\TSVNCACHE.EXE D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPR_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPRUTIL_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPRICONV_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\INTL3_SVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\CRASHRPT.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\DBGHELP.DLL D:\PROGRAMFILES\TORTOISESVN\ICONV\_TBL_SIMPLE.SO D:\PROGRAMFILES\TORTOISESVN\ICONV\CP936.SO D:\PROGRAMFILES\TORTOISESVN\ICONV\UTF-8.SO C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\WSCRIPT.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\WINDOWS\SYSTEM32\MSVCP70.DLL C:\WINDOWS\SYSTEM32\MSVCR70.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCVRTRST.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\SYSTEM32\MSVCP70.DLL C:\WINDOWS\SYSTEM32\MSVCR70.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCVRTRST.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\WINDOWS\SYSTEM32\MDIMON.DLL C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE C:\WINDOWS\EXPLORER.EXE D:\PROGRAMFILES\TORTOISESVN\BIN\TORTOISESVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPR_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPRUTIL_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\LIBAPRICONV_TSVN.DLL D:\PROGRAMFILES\TORTOISESVN\BIN\INTL3_SVN.DLL D:\PROGRAMFILES\TORTOISESVN\ICONV\_TBL_SIMPLE.SO D:\PROGRAMFILES\TORTOISESVN\ICONV\CP936.SO D:\PROGRAMFILES\TORTOISESVN\ICONV\UTF-8.SO C:\WINDOWS\SYSTEM32\WPDSHSERVICEOBJ.DLL C:\WINDOWS\SYSTEM32\DVG.DLL 
C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\PORTABLEDEVICETYPES.DLL C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL C:\PROGRAM FILES\WINRAR\RAREXT.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL D:\PROGRAMFILES\THUNDER\COMDLLS\TDATONCE_NOW.DLL C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEHELPER.DLL D:\PROGRAMFILES\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL D:\PROGRAMFILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL C:\WINDOWS\SYSTEM32\WPDSHEXT.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMDKSHELLEXT.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\SIGC-2.0.DLL C:\WINDOWS\SYSTEM32\MSVCR71.DLL C:\WINDOWS\SYSTEM32\MSVCP71.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMAPPUTIL.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMWAREBASE.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMCRYPTOLIB.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\LIBXML2.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\ICONV.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\ZLIB1.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMCUIUTIL.DLL D:\PROGRA~1\ALCOHO~1\ALCOHO~2\AXSHLEX.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\ALCOHOLX.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\BW5MOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\BWTMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\CCDMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\CUEMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\ISZMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\NRGMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\PDIMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PLUGINS\IMAGES\PFCMOUNT.DLL D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\PFCTOC.DLL C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.CHS D:\GREENSOFT\ULTRAEDIT-32\UE32CTMN.DLL C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.DLL C:\WINDOWS\SYSTEM32\AUDIODEV.DLL C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\FSSHEXT.8.5.1288.0816.DLL 
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\CSM.DLL C:\WINDOWS\SYSTEM32\MSVCR71.DLL C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MSDBG2.DLL C:\WINDOWS\SYSTEM32\MNMSRVC.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE D:\PROGRAMFILES\MYSQL\MYSQL SERVER 5.1\BIN\MYSQLD.EXE D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\STARWIND\STARWINDSERVICEAE.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\WINDOWS\SYSTEM32\MSVCP70.DLL C:\WINDOWS\SYSTEM32\MSVCR70.DLL C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCVRTRST.DLL C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\PRODUCTREGCOM.DLL C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVERPS.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL C:\WINDOWS\SYSTEM32\SYMREDIR.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETEVT.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVEMAIL.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROSUB.DLL C:\PROGRA~1\SYMANT~1\VPTRAY.EXE C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRT32.DLL C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\CLIPROXY.DLL C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\CLISCAN.DLL C:\WINDOWS\HTPATCH.EXE C:\WINDOWS\WINIO.DLL C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM\CMICNFG.CPL C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\HQTRAY.EXE C:\WINDOWS\SYSTEM32\MSVCR71.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMWAREBASE.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMCRYPTOLIB.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\LIBXML2.DLL D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\ICONV.DLL D:\PROGRAMFILES\VMWARE\VMWARE 
WORKSTATION\ZLIB1.DLL C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL F:\SOFT\T-Z-Q\1234.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\MSVCR71.DLL C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMXSCSILIB.DLL C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\SSLEAY32.DLL C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\LIBEAY32.DLL C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\MSVCP71.DLL D:\GREENSOFT\IPWHIZ\IPWHIZ.EXE C:\WINDOWS\SYSTEM32\DVG.DLL C:\WINDOWS\SYSTEM32\VNY.DLL C:\WINDOWS\SYSTEM32\HZK.DLL 普通自启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IMJPMIG8.1 = ; "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32 PHIME2002ASync = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME ccApp = "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE" vptray = C:\PROGRA~1\SYMANT~1\VPTRAY.EXE HTpatch = C:\WINDOWS\HTPATCH.EXE SiS Tray = (NULL) SiS KHooker = C:\WINDOWS\SYSTEM32\KHOOKER.EXE Cmaudio = RUNDLL32 CMICNFG.CPL,CMICTRLWND Adobe Photo Downloader = "D:\PROGRAMFILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.0\APPS\APDPROXY.EXE" VMware hqtray = "D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\HQTRAY.EXE" IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /PRELOAD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run IMAGE = .VBE（注：policies\Explorer\Run 是策略级自启动位置，msconfig 等常规启动项工具通常不列出；此处的值只显示为 .VBE 扩展名，可能是被截断或故意隐藏的编码 VBScript 路径，与上方进程列表中正在运行的 WSCRIPT.EXE 相互印证。应导出该键的完整值，定位并解码对应的 .vbe 脚本，核实其内容后再决定处置。） HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE AppInit_DLLs 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = 系统文件关联 .exe ==> exefile = "%1" %* .com ==> comfile = "%1" %* .cmd ==> cmdfile = "%1" %* .bat ==> batfile = "%1" %* .txt ==> txtfile = C:\WINDOWS\notepad.exe %1 .scr ==> scrfile = "%1" /S .reg ==> regfile = regedit.exe "%1" .doc ==> Word.Document.8 = "D:\ProgramFiles\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde 其它启动项 WIN.INI 无信息 SYSTEM.INI SHELL = Explorer.exe SCRNSAVE.EXE = C:\WINDOWS\system32\scrnsave.scr Winlogon 启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify crypt32chain = CRYPT32.DLL cryptnet = CRYPTNET.DLL cscdll = CSCDLL.DLL NavLogon = C:\WINDOWS\SYSTEM32\NAVLOGON.DLL ScCertProp = WLNOTIFY.DLL Schedule = WLNOTIFY.DLL sclgntfy = SCLGNTFY.DLL SensLogn = WLNOTIFY.DLL System Safety Monitor = SSMWINLOGONEX.DLL termsrv = WLNOTIFY.DLL wlballoon = WLNOTIFY.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE, shell = EXPLORER.EXE IE - BHO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {01443AEC-0FD1-40fd-9C87-E93D1494C233} = d:\ProgramFiles\Thunder\ComDlls\TDAtOnce_Now.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = NULL {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = D:\ProgramFiles\FlashGet\jccatch.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} = D:\ProgramFiles\Real\RealPlayer\rpbrowserrecordplugin.dll {7E853D72-626A-48EC-A868-BA8D5E23E045} = NULL {889D2FEB-5411-4565-8998-1DD2C5261283} = d:\ProgramFiles\Thunder\ComDlls\xunleiBHO_Now.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {B580CF65-E151-49C3-B73F-70B13FCA8E86} = D:\ProgramFiles\Kingsoft\PowerWord 2006\BaiduBar.dll {F156768E-81EF-470C-9057-481BA8380DBA} = d:\ProgramFiles\FlashGet\getflash.dll Winsock SPI MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [UDP/IP] = 
C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBCB0058-0094-4F2A-A69B-5C70117E0523}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBCB0058-0094-4F2A-A69B-5C70117E0523}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0F954CC-B516-460B-811A-AEFD731EEC9F}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0F954CC-B516-460B-811A-AEFD731EEC9F}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8AA23A0-BC21-4905-8A2D-57F2DCE0D879}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8AA23A0-BC21-4905-8A2D-57F2DCE0D879}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{2B796000-9B09-468E-81EA-CACD6B543C26}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{2B796000-9B09-468E-81EA-CACD6B543C26}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2E736A-5E56-4AE5-8765-1BF4EC4F9F42}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2E736A-5E56-4AE5-8765-1BF4EC4F9F42}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL 系统服务项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Adobe LM Service = "C:\PROGRAM FILES\COMMON FILES\ADOBE SYSTEMS SHARED\SERVICE\ADOBELMSVC.EXE" Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE ALG = C:\WINDOWS\SYSTEM32\ALG.EXE AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS aspnet_state = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS ccEvtMgr = "C:\PROGRAM FILES\COMMON FILES\SYMANTEC 
SHARED\CCEVTMGR.EXE" ccPwdSvc = "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPWDSVC.EXE" ccSetMgr = "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE" CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE clr_optimization_v2.0.50727_32 = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235} CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH DefWatch = "C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE" Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER IDriverT = "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\1050\INTEL 32\IDRIVERT.EXE" ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE MDM = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE" Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V MySQL = "D:\PROGRAMFILES\MYSQL\MYSQL SERVER 5.1\BIN\MYSQLD" --DEFAULTS-FILE="D:\PROGRAMFILES\MYSQL\MYSQL SERVER 5.1\MY.INI" MYSQL NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE Netlogon 
= C:\WINDOWS\SYSTEM32\LSASS.EXE Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE" PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE SavRoam = "C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVROAM.EXE" SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SNDSrvc = "C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE" Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE StarWindServiceAE = D:\PROGRAMFILES\ALCOHOL SOFT\ALCOHOL 52\STARWIND\STARWINDSERVICEAE.EXE stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{E41F7C95-4BB7-40B0-AB56-5F4613E11325} Symantec AntiVirus = "C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE" SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS TlntSvr 
= C:\WINDOWS\SYSTEM32\TLNTSVR.EXE TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS ufad-ws60 = "D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMWARE-UFAD.EXE" -D "D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\\" -S UFAD-P2V.XML upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE UPS = C:\WINDOWS\SYSTEM32\UPS.EXE usnjsvc = "C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\USNSVC.EXE" VMAuthdService = D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VMWARE-AUTHD.EXE VMnetDHCP = C:\WINDOWS\SYSTEM32\VMNETDHCP.EXE vmount2 = "C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE" VMware NAT Service = C:\WINDOWS\SYSTEM32\VMNAT.EXE VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WLSetupSvc = "C:\PROGRAM FILES\WINDOWS LIVE\INSTALLER\WLSETUPSVC.EXE" WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE WMPNetworkSvc = C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WudfSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS 文件驱动 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS 系统驱动项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS AsyncMac = 
C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS cmuda = C:\WINDOWS\SYSTEM32\DRIVERS\CMUDA.SYS Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS hcmon = C:\WINDOWS\SYSTEM32\DRIVERS\HCMON.SYS HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS NAVENG = C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080709.003\NAVENG.SYS NAVEX15 = C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080709.003\NAVEX15.SYS NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS NdisWan = 
C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS PCANDIS5 = C:\WINDOWS\SYSTEM32\PCANDIS5.SYS PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS safemon = C:\WINDOWS\SYSTEM32\DRIVERS\SAFEMON.SYS SAVRT = C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRT.SYS SAVRTPEL = C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVRTPEL.SYS Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS SiS315 = C:\WINDOWS\SYSTEM32\DRIVERS\SISGRP.SYS sisagp = C:\WINDOWS\SYSTEM32\DRIVERS\SISAGPX.SYS SiSkp = C:\WINDOWS\SYSTEM32\DRIVERS\SRVKP.SYS SISNIC = C:\WINDOWS\SYSTEM32\DRIVERS\SISNIC.SYS splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS SymEvent = C:\PROGRAM FILES\SYMANTEC\SYMEVENT.SYS SYMREDRV = C:\WINDOWS\SYSTEM32\DRIVERS\SYMREDRV.SYS SYMTDI = C:\WINDOWS\SYSTEM32\DRIVERS\SYMTDI.SYS sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS usbehci = 
C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS vaxscsi = C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS vmkbd = C:\WINDOWS\SYSTEM32\DRIVERS\VMKBD.SYS VMnetAdapter = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETADAPTER.SYS VMnetBridge = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETBRIDGE.SYS VMnetuserif = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETUSERIF.SYS VMparport = C:\WINDOWS\SYSTEM32\DRIVERS\VMPARPORT.SYS vmusb = C:\WINDOWS\SYSTEM32\DRIVERS\VMUSB.SYS vmx86 = C:\WINDOWS\SYSTEM32\DRIVERS\VMX86.SYS vstor2 = C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VSTOR2.SYS vstor2-ws60 = D:\PROGRAMFILES\VMWARE\VMWARE WORKSTATION\VSTOR2-WS60.SYS Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS WudfPf = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFPF.SYS WudfRd = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFRD.SYS