12   1  /  2  页   跳转

【求助】这些*.dll是不是病毒?

收藏
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 13:31 | 只看楼主 短消息 资料
字号: 1楼

【求助】这些*.dll是不是病毒?

我发现c、d、e、f盘都出现数个不知名*.dll文件,如图
情知道的大侠帮帮我

附件附件:

下载次数:352
文件类型:application/octet-stream
文件大小:
上传时间:2006-8-25 13:31:29
描述:



最后编辑2006-09-23 20:53:01
分享到:
gototop
 
無馀爱ㄛ冰
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-08-23
  • 来自:
发表于: 2006-08-25 13:36 | 短消息 资料
字号: 2楼

可不可以把你的扫描日志发上来看下....
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 13:51 | 只看楼主 短消息 资料
字号: 3楼

【回复“無馀爱ㄛ冰”的帖子】



未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE
D:\PROGRAM FILES\MAXTHON\MAXTHON.EXE
D:\PROGRAM FILES\MAXTHON\MAXZLIB.DLL
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\WINDOWS\SYSTEM32\ODBCBCP.DLL
C:\WINDOWS\SYSTEM32\MSCOREE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\CORPERFMONEXT.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
D:\PROGRAM FILES\MAXTHON\SERVICES\REALTIME\REAL_TIME.DLL
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\UNISPIM5.IME
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINDOWS\DOWNLO~1\HVGEE.DLL

C:\PROGRAM FILES\VNETCLIENT1.6\VNETCLIENT.EXE
C:\PROGRAM FILES\VNETCLIENT1.6\COMMUNICATE.DLL
C:\PROGRAM FILES\VNETCLIENT1.6\DIALMODULE.DLL
C:\PROGRAM FILES\VNETCLIENT1.6\MFC42.DLL
C:\PROGRA~1\VNETCL~1.6\CLIENT~1.DLL
C:\PROGRA~1\VNETCL~1.6\PLUGIN~1.OCX
C:\PROGRA~1\VNETCL~1.6\SIGN.DLL
C:\PROGRA~1\VNETCL~1.6\SETUPP~1.DLL
C:\PROGRA~1\VNETCL~1.6\WEBPLU~1.DLL
C:\PROGRAM FILES\VNETCLIENT1.6\SYSPLUG\BCD35F41-3E51-4E2C-BF82-3B8E8C2310AC\RFPLUG.DLL
C:\PROGRA~1\VNETCL~1.6\ADVERT~1.OCX
C:\PROGRA~1\VNETCL~1.6\VNETBS.OCX
C:\PROGRA~1\VNETCL~1.6\ACCOUN~2.DLL
C:\PROGRA~1\VNETCL~1.6\ACCOUNTMGR.DLL
C:\PROGRA~1\VNETCL~1.6\VNETSKIN.OCX
C:\PROGRA~1\VNETCL~1.6\DIALOGSTYLE.DLL
C:\PROGRA~1\VNETCL~1.6\BDSEARCH.OCX
C:\PROGRA~1\VNETCL~1.6\TIMER.OCX
C:\PROGRA~1\VNETCL~1.6\PLUGIN~2.OCX
C:\PROGRA~1\VNETCL~1.6\NEWMES~1.DLL
C:\PROGRA~1\VNETCL~1.6\PASSCTRL.DLL
C:\WINDOWS\SYSTEM32\WPCAP.DLL
C:\WINDOWS\SYSTEM32\PTHREADVC.DLL
C:\WINDOWS\SYSTEM32\PACKET.DLL
C:\PROGRA~1\VNETCL~1.6\PLUGPUSH.DLL
C:\PROGRA~1\VNETCL~1.6\ALLINT~1.DLL
C:\PROGRA~1\VNETCL~1.6\VNETLO~1.OCX
C:\PROGRA~1\VNETCL~1.6\STATNUM.DLL
C:\PROGRA~1\VNETCL~1.6\VNETON~1.OCX
C:\PROGRA~1\VNETCL~1.6\ALLFUN~1.DLL
C:\PROGRA~1\VNETCL~1.6\VNETOPTLOG.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\PROGRA~1\VNETCL~1.6\DLGSKIN.OCX
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\DOWNLO~1\HVGEE.DLL

C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\STDSVER.DLL
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE
C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\ENGINE.DLL
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINDOWS\WEBWORK\WEBWORK.NLS
C:\WINDOWS\DOWNLO~1\HVGEE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\DOWNLO~1\LYLIZ.DLL
C:\WINDOWS\SYSTEM32\MSXML4.DLL
C:\PROGRA~1\BAIDU\BAR\BAIDUBAR.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_002.DLL
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\SMFLASH.OCX
C:\WINDOWS\SYSTEM32\STDUP.DLL
D:\PROGRA~1\KUGOO2\KUGOO3~1.OCX
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\SHELLEXECUTEHOOK.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL

C:\WINDOWS\VCDPLAYX.EXE
C:\WINDOWS\DOWNLO~1\HVGEE.DLL

D:\PROGRAM FILES\RINGZ STUDIO\STORM DOWNLOADER\STORMDOWNLOADER.EXE
D:\PROGRAM FILES\RINGZ STUDIO\STORM DOWNLOADER\BOOST_THREAD-VC6-MT-1_31.DLL
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
E:\QQPETNURSE0719(2.16)\QQPETNURSE0719(2.16)\QQPETNURSE.EXE
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\DOWNLO~1\HVGEE.DLL

D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
D:\PROGRAM FILES\TENCENT\QQ\CORALASSIST.DLL
D:\PROGRAM FILES\TENCENT\QQ\CORALQQ.DLL
D:\PROGRAM FILES\TENCENT\QQ\IPSEARCHER.DLL
D:\PROGRAM FILES\TENCENT\QQ\MSVCR80.DLL
D:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
D:\PROGRAM FILES\TENCENT\QQ\MSVCP80.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQBASECLASSINDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQHELPERDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\BASICCTRLDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\RICHED32.DLL
D:\PROGRAM FILES\TENCENT\QQ\RICHED20.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQAPI.DLL
D:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL
D:\PROGRAM FILES\TENCENT\QQ\LOGINCTRL.DLL
D:\PROGRAM FILES\TENCENT\QQ\NPKCNTC.DLL
D:\PROGRAM FILES\TENCENT\QQ\NPKPDB.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQRES.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQMAINFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ\CQQAPPLICATION.DLL
D:\PROGRAM FILES\TENCENT\QQ\NEWSKIN.DLL
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
D:\PROGRAM FILES\TENCENT\QQ\HOSTINGMGR.DLL
D:\PROGRAM FILES\TENCENT\QQ\CAMERADLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\MAILSUMMARY.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQSPACE.DLL
D:\PROGRAM FILES\TENCENT\QQ\VBSCRIPT.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQGROUPMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\GROUPLIVE.DLL
D:\PROGRAM FILES\TENCENT\QQ\USERDEFINEDHEAD.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPLUGIN.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQALLINONE.DLL
D:\PROGRAM FILES\TENCENT\QQ\SCCORE.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQCUSTOMFACE.DLL
D:\PROGRAM FILES\TENCENT\QQ\GDIPLUS.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MSADP32.ACM
D:\PROGRAM FILES\TENCENT\QQ\QQPET.DLL
D:\PROGRAM FILES\TENCENT\QQ\LONGCONNECTION.DLL
D:\PROGRAM FILES\TENCENT\QQ\QRINGMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\GROUPCONNECTION.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\SHELLEXECUTEHOOK.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQCONFIGPLUGIN.DLL
D:\PROGRAM FILES\TENCENT\QQ\PHONEAPI.DLL
D:\PROGRAM FILES\TENCENT\QQ\DIALERALLINONE.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQAVATAR.DLL
D:\PROGRAM FILES\TENCENT\QQ\FLASHAVATARDLL.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQSYSMSGMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\BQQAPPLICATION.DLL
D:\PROGRAM FILES\TENCENT\QQ\COMMERCESMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\PERSONALDESKTOP.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQUDPGETFILELIB.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQADDR.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPHONEHELPER.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
D:\PROGRAM FILES\TENCENT\QQ\QQMAGICFACE.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQSCENEMNG.DLL
D:\PROGRAM FILES\TENCENT\QQ\IMAGEOLE.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQZIP.DLL
C:\WINDOWS\SYSTEM32\UNISPIM5.IME
C:\WINDOWS\DOWNLO~1\HVGEE.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\WSHCON32.DLL

D:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\WINDOWS\DOWNLO~1\HVGEE.DLL
D:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL

D:\PROGRAM FILES\TENCENT\QQ\QQPET\QQPET.EXE
C:\WINDOWS\SYSTEM32\ODBCBCP.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPET\QQPETRESDOWNLOAD.DLL
D:\PROGRAM FILES\TENCENT\QQ\QQPET\QQPETCOMMUNITY.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\WSHCON32.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\HENRY\桌面\RAV\RSDETECT.EXE
C:\WINDOWS\DOWNLO~1\HVGEE.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
nwiz = NWIZ.EXE /INSTALL
vcdplayx = "C:\WINDOWS\VCDPLAYX.EXE"
MINI_BFYY = D:\PROGRAM FILES\RINGZ STUDIO\STORM DOWNLOADER\STORMDOWNLOADER.EXE
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
stup.exe = C:\PROGRA~1\TENCENT\ADPLUS\STUP.EXE
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
!ewido = "C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE" /MINIMIZED

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
bgswitch = C:\WINDOWS\SYSTEM32\BGSWITCH.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "D:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 13:52 | 只看楼主 短消息 资料
字号: 4楼

【回复“孤苏飘雪”的帖子】
Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{08A312BB-5409-49FC-9347-54BB7D069AC6} = C:\PROGRA~1\DESKAD~1\deskipn.dll
{0C7C23EF-A848-485B-873C-0ED954731014} = C:\Program Files\TENCENT\Adplus\SSAddr1.dll
{14A21378-5BB1-4BC4-95D5-5D3F51527F6F} = C:\WINDOWS\system32\smflash.ocx
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} = c:\PROGRA~1\VNETCL~1.6\VNETTR~1.DLL
{54EBD53A-9BC1-480B-966A-843A333CA162} = D:\Program Files\Tencent\QQ\QQIEHelper.dll
{669751ED-D558-49AE-B01A-3B374CC7910E} = C:\WINDOWS\system32\ssup.dll
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} = C:\WINDOWS\SYSTEM32\stdup.dll
{77FEF28E-EB96-44FF-B511-3185DEA48697} = C:\Progra~1\Baidu\bar\BaiDuBar.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
{A9930D97-9CF0-42A0-A10D-4F28836579D5} = D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX


Winsock SPI
MSTCPChain Provider = C:\WINDOWS\SYSTEM32\WSHCON32.DLL
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{93942B01-C3CB-4FBE-AD80-06F28A99E088}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{93942B01-C3CB-4FBE-AD80-06F28A99E088}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BAFD57AC-BB9F-4EB1-8908-C3CBF96517E0}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BAFD57AC-BB9F-4EB1-8908-C3CBF96517E0}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{31ABDDD0-D300-4E3F-899D-005F8E1E5287}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{31ABDDD0-D300-4E3F-899D-005F8E1E5287}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{23878A8D-224E-419D-AB9A-390C0298A682}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{23878A8D-224E-419D-AB9A-390C0298A682}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B77D2-946E-4EBA-A7A2-FD306D96276B}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B77D2-946E-4EBA-A7A2-FD306D96276B}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSTCP Provider = C:\WINDOWS\SYSTEM32\WSHCON32.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
aspnet_state = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET_STATE.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Autodesk Licensing Service = "C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE"
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS32 = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BITS32
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
C-DillaSrv = C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ewido anti-spyware 4.0 guard = C:\DOCUMENTS AND SETTINGS\HENRY\桌面\EWIDO4.0\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
rpcapd = "%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RpcSs32 = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K RPCSS32
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
StdService = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\STDSVER.DLL,SERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{9AE1F6F2-209E-4859-AD7C-2609879337A8}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
0000_sys = C:\WINDOWS\SYSTEM32\DRIVERS\0000_SYS.SYS
ADProt = C:\WINDOWS\SYSTEM32\DRIVERS\ADPROT.SYS
BdGuard = C:\WINDOWS\SYSTEM32\DRIVERS\BDGUARD.SYS
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
gototop
 
flywithyou
头像
初生襁褓狮
  • 帖子:121
  • 注册: 2006-07-04
  • 来自:
发表于: 2006-08-25 14:09 | 短消息 资料
字号: 5楼

参考资料:危险dll文件注释大全_Www.Pcav.Cn
http://www.pcav.cn/Article/aqzx/200608/6923.html
gototop
 
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2006-08-25 14:19 | 短消息 资料
字号: 6楼

【回复“孤苏飘雪”的帖子】
那么多不同的dll,但文件大小都一样——肯定不是好东西。
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 14:44 | 只看楼主 短消息 资料
字号: 7楼

【回复“baohe”的帖子】
那我怎麼办,瑞星又查不出来,删了重启又出现。。。555
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 14:55 | 只看楼主 短消息 资料
字号: 8楼

有无人知系乜也病毒?
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 15:18 | 只看楼主 短消息 资料
字号: 9楼

ding....
gototop
 
孤苏飘雪
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-25 15:40 | 只看楼主 短消息 资料
字号: 10楼

晕。。。。无人帮。。。。55
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT