今天上网时,瑞星突然闪了下,感觉不好,中毒了! bbs.ikaka.com

duzheng - 2005-11-14 9:58:00

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ICQ Lite File not found: ;

+ IMJPMIG8.1 Microsoft IME Microsoft Corporation c:\windows\ime\imjp8_1\imjpmig.exe

+ iparmor File not found: ;

+ KernelFaultCheck Windows Error Reporting Dump Reporting Tool Microsoft Corporation c:\windows\system32\dumprep.exe

+ LenSoft File not found: ;

+ Lskbdrv File not found: ;

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nwiz NVIDIA nView Wizard, Version 43.51 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ PHIME2002A 微軟新注音輸入法 2002a Microsoft Corporation c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ PHIME2002ASync 微軟新注音輸入法 2002a Microsoft Corporation c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmon.exe

+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtimer.exe

+ RfwMain Rising Personal FireWall Main Program Beijing Rising Technology Corporation Limited c:\program files\rising\rfw\rfwmain.exe

+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe

+ Super Rabbit SafeEdit Super Rabbit Safe File Client Super Rabbit Soft d:\program files\super rabbit\magicset\srfc.exe

+ Super Rabbit SRRestore Super Rabbit Soft d:\program files\super rabbit\magicset\srrest.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Microsoft Office.lnk Microsoft Office 2000 component Microsoft Corporation d:\program files\microsoft office\office\osa9.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe

+ RoboForm File not found: ;

HKLM\System\CurrentControlSet\Services

+ AudioSrv 管理基于 Windows 的程序的音频设备。如果此服务被终止，音频设备及其音效将不能正常工作。如果此服务被禁用，任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ Browser 维护网络上计算机的更新列表，并将列表提供给计算机指定浏览。如果服务停止，列表不会被更新或维护。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ CryptSvc 提供三种管理服务: 编录数据库服务，它确定 Windows 文件的签字; 受保护的根服务，它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务，它帮助注册此计算机获取证书。如果此服务被终止，这些管理服务将无法正常运行。如果此服务被禁用，任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp 通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。 Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache 为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止，计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用，任何明确依赖它的服务将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog 启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。 Microsoft Corporation c:\windows\system32\services.exe

+ ewido security suite control ewido control ewido networks d:\program files\ewido\security suite\ewidoctrl.exe

+ ewido security suite guard guard ewido networks d:\program files\ewido\security suite\ewidoguard.exe

+ helpsvc 启用在此计算机上运行帮助和支持中心。如果停止服务，帮助和支持中心将不可用。如果禁用服务，任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ ImapiService 用 Image Mastering Applications Programming Interface (IMAPI) 管理 CD 录制。如果停止该服务，这台计算机将无法录制 CD。如果该服务被停用，任何依靠它的服务都无法启动。 Microsoft Corporation c:\windows\system32\imapi.exe

+ lanmanserver 支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止，这些功能不可用。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation 创建和维护到远程服务的客户端网络连接。如果服务停止，这些连接将不可用。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ NVSvc NVIDIA Driver Helper Service, Version 43.51 NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ PlugPlay 使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。 Microsoft Corporation c:\windows\system32\services.exe

+ ProtectedStorage 提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。 Microsoft Corporation c:\windows\system32\lsass.exe

+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited c:\program files\rising\rfw\rfwsrv.exe

+ RpcSs 提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。 Microsoft Corporation c:\windows\system32\svchost.exe

+ RsCCenter CCenter rising c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

+ SamSs 存储本地用户帐户的安全信息。 Microsoft Corporation c:\windows\system32\lsass.exe

+ Schedule 使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止，这些任务将无法在日程时间里运行。如果此服务被禁用，任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS 跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。 Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess 为家庭或小型办公网络提供网络地址转换，定址以及名称解析和/或防止入侵服务。 Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe

+ srservice 执行系统还原功能。要停止服务，请从“我的电脑”的属性中的系统还原选项卡关闭系统还原 Microsoft Corporation c:\windows\system32\svchost.exe

+ Themes 为用户提供使用主题管理的经验。 Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt 提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止，多数基于 Windows 的软件将无法正常运行。如果此服务被禁用，任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player Microsoft Windows Media Player 安装实用程序 Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Messenger ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Windows 桌面更新 Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ 通讯簿 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ 浏览器自定义组件 Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ 组件类别缓存程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

duzheng - 2005-11-14 9:59:00

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guardd:\program files\ewido\security suite\shellhook.dll

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ GDI+ 文件缩略图解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ HTML 缩略图的解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ PicaViewFile not found: d:\Program Files\ACDSee\picaview.dll

+ ScriptDropShellExtRoboEnhancer ScriptDropShellExt Moduled:\program files\acd systems\roboenhancer\scriptdropshellext.dll

+ Shell Image Data FactoryWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ Shell Image Property HandlerWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ Shell Image VerbsWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ 摘要信息缩略图处理程序(DOCFILES)Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar1.dll

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

+ ltmenu Classmenu Module北京莲塘软件技术有限公司c:\program files\ltucx\1002\c0.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\program files\tencent2005\qq\qqiehelper.dll

+ {724d43a9-0d85-11d4-9908-00400523e39a}RoboForm Main ModuleSiber Systemsc:\program files\siber systems\ai roboform\roboform.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbaru.dllToolbarICQ Inc.d:\program files\icqtoolbar\toolbaru.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ ICQ LiteICQLiteICQ Ltd.d:\program files\icqlite\icqlite.exe

+ RoboForm 工具栏(&2)c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html

+ 视频聊天File not found: http://www.liantang.net

+ 腾讯QQQQTENCENTd:\program files\tencent2005\qq\qq.exe

+ 中学作业File not found: http://www.xunlun.com

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\windows\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\windows\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll

+ oleaut32Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating SystemsMicrosoft Corporationc:\windows\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll

+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\logon.scrLogon Screen SaverMicrosoft Corporationc:\windows\system32\logon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{314C0CB5-8698-4992-BC98-2BEBBE452291}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{314C0CB5-8698-4992-BC98-2BEBBE452291}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EC351DA-18FB-4F39-86ED-AE612DCB14E6}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EC351DA-18FB-4F39-86ED-AE612DCB14E6}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3AF8641-66BF-4CB8-951D-B0A65FF71E77}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3AF8641-66BF-4CB8-951D-B0A65FF71E77}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [TCP/IP]c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [UDP/IP]c:\windows\system32\tcpipdog0.dll

+ RSVP TCP Service Providerc:\windows\system32\tcpipdogr0.dll

+ RSVP UDP Service Providerc:\windows\system32\tcpipdogr0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\windows\system32\cnbjmon.dll

+ Local PortLocal Spooler DLLMicrosoft Corporationc:\windows\system32\localspl.dll

+ PJL Language MonitorPJL Language monitorMicrosoft Corporationc:\windows\system32\pjlmon.dll

+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\windows\system32\tcpmon.dll

+ USB MonitorStandard Dynamic Printing Port Monitor DLLMicrosoft Corporationc:\windows\system32\usbmon.dll

BlackStone - 2005-11-14 10:07:00

保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

duzheng - 2005-11-14 10:13:00

sorry 刚刚忘刷新了,从新弄了一下

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ICQ LiteFile not found: ;

+ iparmorFile not found: ;

+ LenSoftFile not found: ;

+ LskbdrvFile not found: ;

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll

+ nwizNVIDIA nView Wizard, Version 43.51 NVIDIA Corporationc:\windows\system32\nwiz.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwmain.exe

+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.c:\windows\soundman.exe

+ Super Rabbit SafeEditSuper Rabbit Safe File ClientSuper Rabbit Softd:\program files\super rabbit\magicset\srfc.exe

+ Super Rabbit SRRestoreSuper Rabbit Softd:\program files\super rabbit\magicset\srrest.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ RoboFormFile not found: ;

HKLM\System\CurrentControlSet\Services

+ ewido security suite controlewido controlewido networksd:\program files\ewido\security suite\ewidoctrl.exe

+ ewido security suite guardguardewido networksd:\program files\ewido\security suite\ewidoguard.exe

+ NVSvcNVIDIA Driver Helper Service, Version 43.51NVIDIA Corporationc:\windows\system32\nvsvc32.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guardd:\program files\ewido\security suite\shellhook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ PicaViewFile not found: d:\Program Files\ACDSee\picaview.dll

+ ScriptDropShellExtRoboEnhancer ScriptDropShellExt Moduled:\program files\acd systems\roboenhancer\scriptdropshellext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar1.dll

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

+ ltmenu Classmenu Module北京莲塘软件技术有限公司c:\program files\ltucx\1002\c0.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\program files\tencent2005\qq\qqiehelper.dll

+ {724d43a9-0d85-11d4-9908-00400523e39a}RoboForm Main ModuleSiber Systemsc:\program files\siber systems\ai roboform\roboform.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbaru.dllToolbarICQ Inc.d:\program files\icqtoolbar\toolbaru.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ ICQ LiteICQLiteICQ Ltd.d:\program files\icqlite\icqlite.exe

+ RoboForm 工具栏(&2)c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html

+ 视频聊天File not found: http://www.liantang.net

+ 腾讯QQQQTENCENTd:\program files\tencent2005\qq\qq.exe

+ 中学作业File not found: http://www.xunlun.com

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD Tcpip [RAW/IP]c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [TCP/IP]c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [UDP/IP]c:\windows\system32\tcpipdog0.dll

+ RSVP TCP Service Providerc:\windows\system32\tcpipdogr0.dll

+ RSVP UDP Service Providerc:\windows\system32\tcpipdogr0.dll

瑞星卡卡安全论坛