Rising Kaka Security Forum (瑞星卡卡安全论坛)
帅哥坐车不用票 - 2005-12-24 12:03:00
studying
jzg369 - 2005-12-25 13:23:00
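Strongly recommend pinning this thread. It would be more convenient if both the Chinese-localized and English versions were kept up to date in the first post.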
木讷小新 - 2005-12-26 12:35:00
Sadly, I don't have the spare time to fiddle with all this. Isn't there a tool that does it directly?
jiqimao401 - 2005-12-26 14:06:00
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ GDI+ 文件缩略图解压缩程序 Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HTML 缩略图的解压缩程序 Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ ICC 配置文件 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 打印机管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 监视器管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 扫描仪管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ IE4 套件初始屏幕 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet 临时文件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet 临时文件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft Internet 工具栏 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History 服务 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Url 搜索挂接 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft 多个自动完成列表容器 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft 历史自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft 数据链接 Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft 外壳文件夹自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ MRU 自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell Image Data Factory Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
jiqimao401 - 2005-12-26 14:07:00
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll
+ Web 搜索 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Script Host 的 Shell extensions Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ 帮助和支持 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 帮助和支持 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 补充的外壳文件夹 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 补充的外壳文件夹 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 窗格中的搜索 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 地址 EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 地址(&A) Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 电子邮件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 粉碎文件 Wiper 动态链接库 c:\program files\3721\assist\wiper.dll
+ 跟踪弹出栏 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 公文包 Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ 管理工具 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 获取 Passport 向导 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 可访问的 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 历史记录 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 频道句柄对象 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 频道快捷方式 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 频道文件 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 全局文件夹设置 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 任务计划 Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ 任务栏和「开始」菜单 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 搜索 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 搜索区 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 通过 Web 订购照片 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 脱机文件夹 Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ 外壳 DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳 DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳 Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳出版向导对象 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 网络出版向导 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
jiqimao401 - 2005-12-26 14:07:00
+ 网络连接 Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ 网络连接 Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ 下载状态 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 压缩(zipped)文件夹 Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ 以前的版本 Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ 以前的版本属性页 Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ 用户(&P)... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ 用户帮助 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 用户帐户 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 预订文件夹 Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ 运行... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 摘要信息缩略图处理程序(DOCFILES) Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ 注册数目路选项实用程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 自定义 MRU 自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 字体 Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ 字体 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 浏览器栏 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Class AntiPhish Module Yahoo Inc. c:\program files\3721\assist\angling.dll
+ BandIE Class BaiduBar Module Baidu.com, Inc. c:\program files\baidu\bar\baidubar.dll
+ bho Class 万能五笔接口程序 深圳世强软件开发部 c:\program files\common files\wnwb\wnwbio.dll
+ BrowserHAP Class Hapbast Module Shanghai Henbang Technology Co., Ltd c:\program files\hbclient\hapast.dll
+ CnsHook Class 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ IeCatch2 Class jccatch Module Amaze Soft c:\program files\flashget\jccatch.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\新建文件夹\qqiehelper.dll
+ T2BHO Class DownloadBHO Module HDT, Inc. c:\windows\downloaded program files\conflict.1\barhelp24.0.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
+ 天下搜索 HDTBar Module c:\windows\downloaded program files\conflict.1\iebar23.0.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft c:\program files\flashget\flashget.exe
+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe
+ Yahoo 1G电邮 File not found: http://cn.mail.yahoo.com/promo/rd1
+ 浩方对战平台 浩方对战平台 上海浩方在线信息技术有限公司 e:\浩方\浩方对战平台\gameclient.exe
+ 清理上网记录 File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手 File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信 File not found: http://sms.3721.com/ie/index.htm
+ 腾讯QQ QQ TENCENT d:\新建文件夹\qq.exe
+ 修复浏览器 File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 File not found: http://hot.3721.com/rd/shop_btn.htm
HKLM\System\CurrentControlSet\Services
+ AudioSrv 管理基于 Windows 的程序的音频设备。如果此服务被终止,音频设备及其音效将不能正常工作。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser 维护网络上计算机的更新列表,并将列表提供给计算机指定浏览。如果服务停止,列表不会被更新或维护。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ CryptSvc 提供三种管理服务: 编录数据库服务,它确定 Windows 文件的签字; 受保护的根服务,它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务,它帮助注册此计算机获取证书。如果此服务被终止,这些管理服务将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ DcomLaunch 为 DCOM 服务提供加载功能。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp 通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。 Microsoft Corporation c:\windows\system32\svchost.exe
+ dmserver 监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dnscache 为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止,计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用,任何明确依赖它的服务将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ERSvc 服务和应用程序在非标准环境下运行时允许错误报告。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog 启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。 Microsoft Corporation c:\windows\system32\services.exe
+ helpsvc 启用在此计算机上运行帮助和支持中心。如果停止服务,帮助和支持中心将不可用。如果禁用服务,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanserver 支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation 创建和维护到远程服务的客户端网络连接。如果服务停止,这些连接将不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts 允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。 Microsoft Corporation c:\windows\system32\svchost.exe
+ PlugPlay 使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。 Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent 管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。 Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage 提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服务,过程或用户对其的非法访问。 Microsoft Corporation c:\windows\system32\lsass.exe
+ RemoteRegistry 使远程用户能修改此计算机上的注册表设置。如果此服务被终止,只有此计算机上的用户才能修改注册表。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rfwsrv.exe
+ RpcSs 提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。 Microsoft Corporation c:\windows\system32\svchost.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. d:\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. d:\rising\rav\ravmond.exe
+ SamSs 存储本地用户帐户的安全信息。 Microsoft Corporation c:\windows\system32\lsass.exe
+ SCardSvr 管理由此计算机读取的智能卡的访问。如果此服务被停止,计算机将不能读取智能卡。如果此服务被禁用,任何明确依赖它的服务都将不能启动。 Microsoft Corporation c:\windows\system32\scardsvr.exe
+ Schedule 使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止,这些任务将无法在日程时间里运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ seclogon 启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS 跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SharedAccess 为家庭和小型办公网络提供网络地址转换、寻址、名称解析和/或入侵保护服务。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection 为自动播放硬件事件提供通知。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Spooler 将文件加载到内存中以便迟后打印。 Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice 执行系统还原功能。 要停止服务,请从“我的电脑”的属性中的系统还原选项卡关闭系统还原 Microsoft Corporation c:\windows\system32\svchost.exe
jiqimao401 - 2005-12-26 14:08:00
+ stisvc 为扫描仪和照相机提供图像捕获。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Themes 为用户提供使用主题管理的经验。 Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks 在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。 Microsoft Corporation c:\windows\system32\svchost.exe
+ W32Time 维护在网络上的所有客户端和服务器的时间和日期同步。如果此服务被停止,时间和日期的同步将不可用。如果此服务被禁用,任何明确依赖它的服务都将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient 使基于 Windows 的程序能创建、访问和修改基于 Internet 的文件。如果此服务被终止,将会失去这些功能。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ winmgmt 提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止,多数基于 Windows 的软件将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ wscsvc 监视系统安全设置和配置。 Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv 允许下载并安装 Windows 更新。如果此服务被禁用,计算机将不能使用 Windows Update 网站的自动更新功能。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC 为您的 802.11 适配器提供自动配置 Microsoft Corporation c:\windows\system32\svchost.exe
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD 网络支持环境 Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AmdK7 Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\amdk7.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ Cdsys File not found: C:\WINDOWS\system32\cdcd.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ dmio NT Disk Manager I/O Driver Microsoft Corp., Veritas Software c:\windows\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. c:\windows\system32\drivers\dmload.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ ExpScaner ExpScan.sys d:\rising\rav\expscan.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ FsVga Full Screen Video Driver Microsoft Corporation c:\windows\system32\drivers\fsvga.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ GPKiller GPigeon Killer Yahoo! c:\windows\system32\drivers\gpkiller.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd d:\rising\rav\hookcont.sys
+ HookReg d:\rising\rav\hookreg.sys
+ HookSys Hooksys Rising d:\rising\rav\hooksys.sys
+ HTTP 此服务实现超文本传送协议(HTTP)。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ iKeyEnum Rainbow iKey Enumerator Service Rainbow Technologies Inc. c:\windows\system32\drivers\ikeyenum.sys
+ iKeyIFD Rainbow iKey Virtual Reader Service Rainbow Technologies Inc. c:\windows\system32\drivers\ikeyifd.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ Ip6Fw 为家庭和小型办公网络提供入侵保护服务。 Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
jiqimao401 - 2005-12-26 14:09:00
+ kmsinput c:\windows\system32\drivers\kmsinput.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 d:\rising\rav\memscan.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ mProcRs Rising Personal FireWall mprocrs.sys Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\mprocrs.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys
+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys
+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS 用户模式 I/O 协议 Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ New0 c:\windows\system32\new.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ R5BaseSmc USB Token Holder service Name OEM c:\windows\system32\drivers\smccard.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe 远程访问 PPPOE 驱动程序 Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ RnbToken Rainbow iKey Token Service Rainbow Technologies Inc. c:\windows\system32\drivers\rnbtoken.sys
+ RsFwDrv nt_fwdrv Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rsfwdrv.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ streamip Microsoft IP Test Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys
+ SVKP SVKP driver for NT AntiCracking c:\windows\system32\svkp.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ token USB Token Service Name c:\windows\system32\drivers\eps2kt1.sys
+ uagp35 MS AGPv3.5 Filter Microsoft Corporation c:\windows\system32\drivers\uagp35.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
jiqimao401 - 2005-12-26 14:09:00
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ viagfx VIA/S3G Miniport Driver Copyright (C) VIA/S3 Graphics Co, Ltd. c:\windows\system32\drivers\vtmini.sys
+ ViaIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\viaide.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
+ WINIO c:\windows\downloaded program files\conflict.1\winio.sys
+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys
+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{097DB5E7-D9FC-409E-84BC-A1AF9932C84E}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{097DB5E7-D9FC-409E-84BC-A1AF9932C84E}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D0E80DA-CCC1-47C1-8E1F-E9587D10992E}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D0E80DA-CCC1-47C1-8E1F-E9587D10992E}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3E3E7C37-CA52-43B4-AF79-4FCB70D1C677}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3E3E7C37-CA52-43B4-AF79-4FCB70D1C677}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E06B8BD2-E484-4687-9D10-9BB2D0BAA45A}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E06B8BD2-E484-4687-9D10-9BB2D0BAA45A}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC413035-3FEC-4E40-A47C-7BEA8AA614C0}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC413035-3FEC-4E40-A47C-7BEA8AA614C0}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B50600-DBA4-435A-8484-9AD0C591FCCC}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B50600-DBA4-435A-8484-9AD0C591FCCC}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
BlackStone - 2005-12-26 14:16:00
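[Reply to jiqimao401's post]
Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the refresh button on the toolbar). For downloading and using the tool, see: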
http://forum.ikaka.com/topic.asp?board=28&artid=7318038
jiqimao401 - 2005-12-26 14:20:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ assistse AssistSetting yahoo c:\program files\3721\assistse.exe
+ CnsMin 3721 北京三七二一科技有限公司 c:\windows\downloaded program files\cnsmin.dll
+ ep2k_certd USB Token 2000 PKI Cert Monitor c:\program files\feitian\usbtoken2000\ep2k_certd.exe
+ hbpassport Passport Application Shanghai Henbang Technology Co., Ltd c:\program files\hbclient\hbast.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. d:\rising\rav\ravtask.exe
+ RfwMain Rising Personal FireWall Main Program Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rfwmain.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. C:\WINDOWS\soundman.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ VTTimer S3 Graphics, Inc. c:\windows\system32\vttimer.exe
C:\Documents and Settings\hjj\「开始」菜单\程序\启动
+ 腾讯QQ.lnk QQ TENCENT d:\新建文件夹\qq.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ 粉碎文件 Wiper 动态链接库 c:\program files\3721\assist\wiper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Class AntiPhish Module Yahoo Inc. c:\program files\3721\assist\angling.dll
+ BandIE Class BaiduBar Module Baidu.com, Inc. c:\program files\baidu\bar\baidubar.dll
+ bho Class 万能五笔接口程序 深圳世强软件开发部 c:\program files\common files\wnwb\wnwbio.dll
+ BrowserHAP Class Hapbast Module Shanghai Henbang Technology Co., Ltd c:\program files\hbclient\hapast.dll
+ CnsHook Class 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ IeCatch2 Class jccatch Module Amaze Soft c:\program files\flashget\jccatch.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\新建文件夹\qqiehelper.dll
+ T2BHO Class DownloadBHO Module HDT, Inc. c:\windows\downloaded program files\conflict.1\barhelp24.0.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
+ 天下搜索 HDTBar Module c:\windows\downloaded program files\conflict.1\iebar23.0.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft c:\program files\flashget\flashget.exe
+ Yahoo 1G电邮 File not found: http://cn.mail.yahoo.com/promo/rd1
+ 浩方对战平台 浩方对战平台 上海浩方在线信息技术有限公司 e:\浩方\浩方对战平台\gameclient.exe
+ 清理上网记录 File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手 File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信 File not found: http://sms.3721.com/ie/index.htm
+ 腾讯QQ QQ TENCENT d:\新建文件夹\qq.exe
+ 修复浏览器 File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 File not found: http://hot.3721.com/rd/shop_btn.htm
HKLM\System\CurrentControlSet\Services
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. d:\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. d:\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ Cdsys File not found: C:\WINDOWS\system32\cdcd.sys
+ ExpScaner ExpScan.sys d:\rising\rav\expscan.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ GPKiller GPigeon Killer Yahoo! c:\windows\system32\drivers\gpkiller.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd d:\rising\rav\hookcont.sys
+ HookReg d:\rising\rav\hookreg.sys
+ HookSys Hooksys Rising d:\rising\rav\hooksys.sys
+ iKeyEnum Rainbow iKey Enumerator Service Rainbow Technologies Inc. c:\windows\system32\drivers\ikeyenum.sys
+ iKeyIFD Rainbow iKey Virtual Reader Service Rainbow Technologies Inc. c:\windows\system32\drivers\ikeyifd.sys
+ kmsinput c:\windows\system32\drivers\kmsinput.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 d:\rising\rav\memscan.sys
+ mProcRs Rising Personal FireWall mprocrs.sys Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\mprocrs.sys
+ New0 c:\windows\system32\new.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ R5BaseSmc USB Token Holder service Name OEM c:\windows\system32\drivers\smccard.sys
+ RnbToken Rainbow iKey Token Service Rainbow Technologies Inc. c:\windows\system32\drivers\rnbtoken.sys
+ RsFwDrv nt_fwdrv Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rsfwdrv.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ SVKP SVKP driver for NT AntiCracking c:\windows\system32\svkp.sys
+ token USB Token Service Name c:\windows\system32\drivers\eps2kt1.sys
+ viagfx VIA/S3G Miniport Driver Copyright (C) VIA/S3 Graphics Co, Ltd. c:\windows\system32\drivers\vtmini.sys
+ WINIO c:\windows\downloaded program files\conflict.1\winio.sys
+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
BlackStone - 2005-12-26 14:46:00
[Reply to jiqimao401's post]
I can't see any problem in the log. What problem is your machine having?
jiqimao401 - 2005-12-26 14:58:00
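I was infected with Gray Pigeon (灰鸽子)... Then, after I deleted C;/WINDOWS/server2.0.exe from the registry, the firewall stopped reporting a trojan. Now it is a lot slower. I'm worried it wasn't cleaned out completely...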
BlackStone - 2005-12-26 15:04:00
What do you mean by slow: network speed or the computer's responsiveness?
I can't see any problem in the log. You can check whether http://forum.ikaka.com/topic.asp?board=28&artid=7538008 helps.
啸饮狂砂 - 2005-12-26 21:53:00
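Thanks, OP, but I don't know where to start. I feel something is off with my machine, but I can't tell what.
For example: there are several language bars in the taskbar...
Can you help me? These are the startup items, captured as a screenshot from the Rising firewall.
Attachment: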
64246720051226215303.JPG
啸饮狂砂 - 2005-12-26 22:12:00
Please take a look for me, thanks.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AddrPlus3 Tencent c:\program files\tencent\addrplus\qahook.dll
+ MS-4011 Memory Patch RavSasser Beijing Rising Tech. Co., Ltd. h:\b\down1\ravsasser.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ RfwMain Rising Personal FireWall Main Program Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rfwmain.exe
+ SKYNET Personal FireWall 天网防火墙个人版 天网 c:\program files\skynet\firewall\pfw.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\sd04\「开始」菜单\程序\启动
+ 腾讯QQ.lnk QQ TENCENT d:\tencent\qq\qq.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ QQ Search Hook Tencent c:\program files\tencent\addrplus\iehelp.dll
+ QQAddrBar Drop Target Tencent c:\program files\tencent\addrplus\iehelp.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class AcroIEHelper Module c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
+ BandIE Class BaiduBar Module Baidu.com, Inc. c:\program files\baidu\bar\baidubar.dll
+ CPub Object IE Monitor Sohu.com Inc. c:\program files\p4p\sodaie.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\tencent\qq\qqiehelper.dll
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v8.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ iehelp.dll Tencent c:\program files\tencent\addrplus\iehelp.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 访问卡卡社区 File not found: http://www.ikaka.com/?u=RSTB
+ 访问瑞星网站 File not found: http://www.rising.com.cn/?u=RSTB
+ 腾讯QQ QQ TENCENT d:\tencent\qq\qq.exe
HKLM\System\CurrentControlSet\Services
+ C-DillaSrv C-Dilla RTS Service C-Dilla Ltd c:\windows\system32\drivers\cdantsrv.exe
+ P4P Service Sogou P4P Service Sohu.com Inc. c:\program files\p4p\p2psvr.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ EL90X 3Com Fast EtherLink XL / EtherLink XL Network Miniport Driver 3Com Corporation c:\windows\system32\drivers\el90xnd5.sys
+ es1371 ENSONIQ AudioPCI 97 WDM Audio Miniport Creative Technology Ltd. c:\windows\system32\drivers\es1371mp.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ mProcRs Rising Personal FireWall mprocrs.sys Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\mprocrs.sys
+ NPF NPF Driver - TME extensions Politecnico di Torino c:\windows\system32\drivers\npf.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. d:\tencent\qq\npkcrypt.sys
+ npkycryp File not found: D:\Tencent\QQ\npkycryp.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ RsFwDrv nt_fwdrv Beijing Rising Technology Co., Ltd. c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ SKNFW c:\windows\system32\drivers\sknfw.sys
+ ssm_bus Samsung Mobile USB Device II 1.0 Driver MCCI c:\windows\system32\drivers\ssm_bus.sys
+ ssm_mdfl Samsung Mobile USB Modem II 1.0 Filter MCCI c:\windows\system32\drivers\ssm_mdfl.sys
+ ssm_mdm Samsung Mobile USB Modem II 1.0 Drivers MCCI c:\windows\system32\drivers\ssm_mdm.sys
+ ZSMC302 Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\WINDOWS\system32\SoDAHK.DLL SodaHK Sohu.com Inc. c:\windows\system32\sodahk.dll
BlackStone - 2005-12-27 8:47:00
[Reply to 啸饮狂砂's post]
I don't see any problem in the log.
啸饮狂砂 - 2005-12-27 19:00:00
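Thanks, OP, but could these entries with no company be a problem?
I don't feel at ease. For example: npkycryp File not found: D:\Tencent\QQ\npkycryp.sys
Display Panning CPL Extension File not found: deskpan.dll. I have disabled these startup items; I don't know what they are.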
BlackStone - 2005-12-28 8:53:00
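| Quote: |
[啸饮狂砂's post] Thanks, OP, but could these entries with no company be a problem? I don't feel at ease. For example: npkycryp File not found: D:\Tencent\QQ\npkycryp.sys Display Panning CPL Extension File not found: deskpan.dll. I have disabled these startup items; I don't know what they are. ........................... |
These two entries are nothing to worry about.
D:\Tencent\QQ\npkycryp.sys belongs to Tencent; the file no longer exists, so the startup entry can be deleted.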
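The following is an added example, not part of the original thread or of Autoruns itself: a Python sketch that pulls the "File not found" entries out of a pasted Autoruns text log and separates missing file paths, bare file names and URL targets, which is the triage done by hand in the replies above. The sample log reuses lines posted in this thread; the function name `triage` and the three category labels are assumptions made for this example.

```python
import re

# A section header in a pasted Autoruns text log is a registry key, a startup
# folder path, or the literal "Task Scheduler" line. Entries start with "+".
SECTION_RE = re.compile(r"^(HK(LM|CU)\\|[A-Za-z]:\\|Task Scheduler$)")

# The forum sometimes strips the column separators, so the entry name may be
# fused to the marker ("RavMonFile not found: ..."). \s* tolerates both forms.
NOT_FOUND_RE = re.compile(
    r"^\+\s*(?P<name>.*?)\s*File not found:\s*(?P<target>.+)$"
)
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

# Sample input assembled from log lines posted in this thread.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 访问卡卡社区 File not found: http://www.ikaka.com/?u=RSTB
HKLM\System\CurrentControlSet\Services
+ npkycryp File not found: D:\Tencent\QQ\npkycryp.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavMonFile not found: E:\SECURITY\RAV2005\RAVMON.EXE
"""


def triage(log_text):
    """Return one dict per 'File not found' entry, tagged with its section."""
    section = None
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            # Remember the autostart location; ignore any other text
            # (forum post headers, replies) mixed into the paste.
            if SECTION_RE.match(line):
                section = line
            continue
        match = NOT_FOUND_RE.match(line)
        if not match:
            continue
        target = match.group("target").strip()
        if URL_RE.match(target):
            # The entry points at a web address, not at a file on disk.
            kind = "url"
        elif "\\" in target or "/" in target:
            # Full path recorded, file absent: an orphaned autostart entry.
            kind = "missing-path"
        else:
            # Only a file name is recorded, so there is no directory to check.
            kind = "missing-name"
        findings.append({
            "section": section,
            "name": match.group("name"),
            "target": target,
            "kind": kind,
        })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["kind"]:13} {item["name"]} -> {item["target"]}')
        print(f'              in {item["section"]}')
```
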
不再想用win - 2005-12-28 13:47:00
A good person! Both skilled and patient! I will follow this thread regularly and study your guidance! Thank you!
不再想用win - 2005-12-28 13:52:00
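OP, a question: my machine had the problem you described in post 71. Following your guidance it has been restored, but I don't understand what caused those 2 items to become unchangeable. I change those 2 items often, and recently I suddenly found they were blocked. After booting my second system I could still change them, but 1 hour later they were blocked there too. Can you explain this? Thanks!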
梦幻的心 - 2005-12-28 15:31:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ RavMonFile not found: E:\SECURITY\RAV2005\RAVMON.EXE
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.e:\security\rising\rav\ravtask.exe
C:\Documents and Settings\Amazing holy\「开始」菜单\程序\启动
+ HoeKey.lnke:\system\hoekey\hoekey.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ SystemSafetyMonitorMaster ModuleSystem Safetye:\security\system safety monitor 2.0\syssafe.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Classxunleibho Modulec:\windows\system32\xunleibho_v4.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 腾讯QQQQTENCENTe:\net\qq 2005珊瑚虫\qq.exe
Task Scheduler
+ DDD_Install_Program.jobremotesetupduduc:\documents and settings\amazing holy\local settings\temp\remotesetup.exe
HKLM\System\CurrentControlSet\Services
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.e:\security\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.e:\security\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.e:\security\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ BRPPPOEc:\windows\system32\drivers\brpppoe.sys
+ cwcspudBlackGold II 5.1 Family PCI WDM Audio DriverTOGO Technology Co.,Ltd.c:\windows\system32\drivers\cwcspud.sys
+ cwcwdmBlackGold II 5.1 Family PCI WDM Audio DriverTOGO Technology Co.,Ltd.c:\windows\system32\drivers\cwcwdm.sys
+ dtscsic:\windows\system32\drivers\dtscsi.sys
+ ExpScanerExpScan.syse:\security\rising\rav\expscan.sys
+ HookContTDI HOOK DriverRising tech Co. ltde:\security\rising\rav\hookcont.sys
+ HookRege:\security\rising\rav\hookreg.sys
+ HookSysHooksysRisinge:\security\rising\rav\hooksys.sys
+ kmsinputc:\windows\system32\drivers\kmsinput.sys
+ MEMSCANMemScan Driver瑞星软件有限公司e:\security\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.e:\security\rising\rfw\mprocrs.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 77.76 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.e:\security\rising\rfw\rsfwdrv.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ safemonSystem Safety Monitor 2.0 extension for Windows security layerSystem Safetyc:\windows\system32\drivers\safemon.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ sfdrv01StarForce Protection Environment DriverProtection Technologyc:\windows\system32\drivers\sfdrv01.sys
+ sfhlp02StarForce Protection Helper DriverProtection Technologyc:\windows\system32\drivers\sfhlp02.sys
+ sfsync02StarForce Protection Synchronization DriverProtection Technologyc:\windows\system32\drivers\sfsync02.sys
+ sfvfs02StarForce Protection VFS DriverProtection Technologyc:\windows\system32\drivers\sfvfs02.sys
+ sptdc:\windows\system32\drivers\sptd.sys
+ UnlockerDriver4e:\system\unlocker\unlockerdriver4.sys
+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ taskmgr.exeSysinternals Process ExplorerSysinternalse:\security\processexplorer\procexp.exe
梦幻的心 - 2005-12-28 15:36:00
+ RavMonFile not found: E:\SECURITY\RAV2005\RAVMON.EXE
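After I deleted it and refreshed, it came back, so I went into the registry to delete it, and a dialog box popped up telling me "Unable to delete all specified values". Rising used to be installed at this path; later I uninstalled it and installed it somewhere else, but this startup entry just won't go away. What should I do about this?
Attachment: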
29072920051228153627.JPG
BlackStone - 2005-12-28 17:57:00
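[Reply to 不再想用win's post]
| Quote: |
[不再想用win's post] OP, a question: my machine had the problem you described in post 71. Following your guidance it has been restored, but I don't understand what caused those 2 items to become unchangeable. I change those 2 items often, and recently I suddenly found they were blocked. After booting my second system I could still change them, but 1 hour later they were blocked there too. Can you explain this? Thanks! ........................... |
There may be a trojan or other malicious program in your system's memory that modified this registry entry.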
BlackStone - 2005-12-28 18:01:00
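[Reply to 梦幻的心's post]
| Quote: |
[梦幻的心's post] + RavMonFile not found: E:\SECURITY\RAV2005\RAVMON.EXE
After I deleted it and refreshed, it came back, so I went into the registry to delete it, and a dialog box popped up telling me "Unable to delete all specified values". Rising used to be installed at this path; later I uninstalled it and installed it somewhere else, but this startup entry just won't go away. What should I do about this? ........................... |
From the log, you have Rising 2006 installed. You may have blocked regedit from modifying the registry Run key in Rising. In the right-click menu of the monitor's tray icon, choose "Registry monitoring auto-handling list items" and remove the restriction that forbids regedit from making changes, or simply turn off Rising's registry monitoring and then try deleting again.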
梦幻的心 - 2005-12-28 18:37:00
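"Registry monitoring auto-handling list items" had nothing forbidding changes to the registry Run key, so I turned off Rising monitoring and deleted it.
Is this Rising protecting itself? Because the Run values of other programs can be deleted.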
BlackStone - 2005-12-28 18:40:00
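| Quote: |
[梦幻的心's post] "Registry monitoring auto-handling list items" had nothing forbidding changes to the registry Run key, so I turned off Rising monitoring and deleted it. Is this Rising protecting itself? Because the Run values of other programs can be deleted. ........................... |
There should be no regedit.exe entry in that auto-handling list; then it is right.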
各位大侠救我! - 2005-12-28 18:41:00
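Experts, please save this newbie! I keep getting infected; even with Rising I keep getting infected. What is going on? I have also found that my Rising monitor cannot turn on memory monitoring! Am I infected? What should I do? Could an expert teach me a trick? QQ191799898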
各位大侠救我! - 2005-12-28 18:44:00
Experts, you must save me, I am so afraid of viruses.... QQ191799898 Thank you!!
yfd78 - 2005-12-29 16:11:00
I don't quite understand this. Is there a Chinese version? Thanks.