未知家族病毒分析
扫描结果:
无可疑文件（仅表示特征库扫描未报警；下列活动进程与自启动项中存在多个随机字符串命名的 DLL、指向 C:\DRIVERS\US51848.BAT 的 Userinit 项以及加载 .Sys 文件的 BHO，应在人工核对这些条目后再下结论）
系统活动进程
C:\WINDOWS\SYSTEM32\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\QFSHELL.DLL
C:\WINDOWS\533931MM.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\DOCUMENTS AND SETTINGS\XY\桌面\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\NILUW.DLL
C:\WINDOWS\SYSTEM32\GNAIXNAUHQQ.DLL
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL
C:\WINDOWS\SYSTEM32\MNAUYGNIQAIXNAIJ.DLL
C:\WINDOWS\SYSTEM32\HJIQ.DLL
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\SYSTEM32\CUHAD.DLL
C:\WINDOWS\SYSTEM32\TSQC.DLL
C:\WINDOWS\SYSTEM32\KNAIXNAUHUOYIZQQ.DLL
C:\WINDOWS\SYSTEM32\LAIXUHZ.DLL
C:\WINDOWS\SYSTEM32\QLIHZOUHGNFE.DLL
C:\WINDOWS\SYSTEM32\SAUHAD.DLL
C:\WINDOWS\SYSTEM32\OAIJIHZEUYOUHZ.DLL
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\SYSTEM32\INTERNAT.EXE
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\RHLVESCU.EXE
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\CMD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\BAUHGNEM.DLL
C:\WINDOWS\SYSTEM32\CUHAD.DLL
C:\WINDOWS\SYSTEM32\LAIXUHZ.DLL
C:\WINDOWS\SYSTEM32\GNOLNAIT.DLL
C:\WINDOWS\SYSTEM32\INDICDLL.DLL
C:\WINDOWS\SYSTEM32\WCKPXCIWOW.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS8K.SYS
C:\WINDOWS\SYSTEM32\UPXDND.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\IMRQWRGB.DLL
C:\WINDOWS\SYSTEM32\NETSRV.DLL
C:\WINDOWS\IRTHBLQV.DLL
C:\WINDOWS\SYSTEM32\CMDBCS.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\TAHNWCHWM.DLL
C:\WINDOWS\SYSTEM32\WINWB86.IME
C:\WINDOWS\SYSTEM32\PTSSHELL.DLL
C:\WINDOWS\SYSTEM32\LSYEOTYDJ.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9C.OCX
普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Qfrun = C:\WINDOWS\SYSTEM32\QFRUN.EXE
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
MsIMMs32 = C:\WINDOWS\MSIMMS32.EXE
upxdnd = C:\WINDOWS\UPXDND.EXE
WinSysM = C:\WINDOWS\533931M.EXE
cmdbcs = C:\WINDOWS\CMDBCS.EXE
PTSShell = C:\WINDOWS\PTSSHELL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ciivgmhsg = CIIVGMHSG.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
FlashPlayerUpdate = C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9C.EXE
系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
其它启动项
WIN.INI
无信息
SYSTEM.INI
SHELL = Explorer.exe
Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
DfLogon = LOGONDLL.DLL
NavLogon = C:\WINDOWS\SYSTEM32\NAVLOGON.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\DRIVERS\US51848.BAT,
shell = EXPLORER.EXE
IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} = C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys
Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD nwlnkipx [IPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0C49788-20B3-43E2-8243-505F4D32FA00}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0C49788-20B3-43E2-8243-505F4D32FA00}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25AFDC2D-6FCC-4B88-B83E-6B1D4A878276}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{25AFDC2D-6FCC-4B88-B83E-6B1
[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)