瑞星卡卡安全论坛
xiaoshzi - 2007-6-22 21:52:00
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor Microsoft Corporation c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ c:\windows\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ cmdbcs File not found: C:\WINDOWS\cmdbcs.exe
+ IMSCMig File not found: ;
+ kav Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ KernelFaultCheck File not found: ;
+ Kvsc3 c:\windows\kvsc3.exe
+ Microsoft Autorun1 c:\windows\system32\nwizdh.exe
+ Microsoft Autorun10 c:\windows\system32\nwizwmgjs.exe
+ Microsoft Autorun7 c:\windows\system32\nwiztlbu.exe
+ Microsoft Autorun9 c:\windows\system32\ravasktao.exe
+ mppds File not found: C:\WINDOWS\mppds.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ runeip Rising AntiSpyware Monitor Beijing Rising Technology Co., Ltd. c:\program files\rising\antispyware\runiep.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ ssebyly c:\program files\common files\system\duvadvm.exe
+ ssebyly c:\program files\common files\system\duvadvm.exe
+ sxulolg c:\program files\common files\microsoft shared\cilpnoi.exe
+ TIMHost File not found: C:\WINDOWS\TIMHost.exe
+ yok.exe yok.exe YOK.Com c:\program files\yok\yok.exe
+ yok.exe yok.exe YOK.Com c:\program files\yok\yok.exe
C:\Documents and Settings\user\「开始」菜单\程序\启动
+ 腾讯QQ.lnk QQ TENCENT c:\program files\tencent\qq\qq.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe
+ jiajiasr 加加输入法 4.01 作者:孙百川 加加工作组 c:\program files\jj4\jiajiasr.exe
+ swg File not found: C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ text/xml Microsoft Office XML MIME Filter Microsoft Corporation c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ its Microsoft? InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API Microsoft Corporation c:\windows\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ms-its Microsoft? InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ mso-offdap11 Microsoft Office Web Components 2003 Microsoft Corporation c:\program files\common files\microsoft shared\web components\11\owc11.dll
+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ sysimage Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ wia WIA Scripting Layer Microsoft Corporation c:\windows\system32\wiascr.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player 安装实用程序 Microsoft Corporation c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows 桌面更新 Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ 通讯簿 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ 浏览器自定义组件 Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui 预加载程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 组件类别缓存程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ syswfgqq2.dll c:\program files\common files\microsoft shared\msinfo\syswfgqq2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ ActiveX 高速缓存文件夹 Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl
+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Context Menu Shell Extension c:\program files\sanlink\input_ntss\contmenu.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
xiaoshzi - 2007-6-22 21:54:00
+ Display TroubleShoot CPL ExtensionAdvanced display performance propertiesMicrosoft Corporationc:\windows\system32\deskperf.dll
+ DS Security PageDirectory Service Security UIMicrosoft Corporationc:\windows\system32\dssec.dll
+ Extensions Manager FolderExtensions ManagerMicrosoft Corporationc:\windows\system32\extmgr.dll
+ Favorites BandShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ FTP Folders WebviewMicrosoft Internet Explorer FTP Folder Shell ExtensionMicrosoft Corporationc:\windows\system32\msieftp.dll
+ GDI+ 文件缩略图解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ HTML 缩略图的解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ ICC 配置文件Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll
+ ICM 打印机管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll
+ ICM 监视器管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll
+ ICM 扫描仪管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll
+ IE4 套件初始屏幕Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Installed Apps EnumeratorShell Application ManagerMicrosoft Corporationc:\windows\system32\appwiz.cpl
+ InternetShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ InternetShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Internet Name SpaceShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ InternetShortcutShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ ISFBand OCShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet HandlerMicrosoft Agent Property Sheet HandlerMicrosoft Corporationc:\windows\msagent\agentpsh.dll
+ Microsoft AutoCompleteShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Microsoft Browser ArchitectureShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Microsoft BrowserBandShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Microsoft DocProp Inplace Calendar ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell ExtMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll
+ Microsoft Internet 工具栏Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon HandlerMicrosoft Office 2003 componentMicrosoft Corporationc:\program files\microsoft office\office11\msohev.dll
+ Microsoft Url History 服务Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Microsoft Url 搜索挂接Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Microsoft 多个自动完成列表容器Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Microsoft 历史自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Microsoft 数据链接Microsoft Data Access - OLE DB Core ServicesMicrosoft Corporationc:\program files\common files\system\ole db\oledb32.dll
+ Microsoft 外壳文件夹自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Midi Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll
+ MMC Icon HandlerMMC Shell Extension DLLMicrosoft Corporationc:\windows\system32\mmcshext.dll
+ MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Multimedia File Property SheetControl Panel Drivers AppletMicrosoft Corporationc:\windows\system32\mmsys.cpl
+ MyDocs Copy HookMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll
+ MyDocs Drop TargetMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll
+ MyDocs PropertiesMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll
+ NTFS Security PageSecurity Shell ExtensionMicrosoft Corporationc:\windows\system32\rshx32.dll
+ Offline Files Folder OptionsClient Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll
+ Offline Files MenuClient Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll
+ OLE Docfile Property PageOLE DocFile Property PageMicrosoft Corporationc:\windows\system32\docprop.dll
+ PicaViewPicaView 系统扩展 DLLACD Systems, Ltd.c:\program files\acdsee\picaview.dll
+ PlusPack CPL ExtensionWindows Theme APIMicrosoft Corporationc:\windows\system32\themeui.dll
+ PostAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ Printers Security PageSecurity Shell ExtensionMicrosoft Corporationc:\windows\system32\rshx32.dll
+ Remote Sessions CPL ExtensionRemote Sessions CPL ExtensionMicrosoft Corporationc:\windows\system32\remotepg.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Search Assistant OCShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Sendmail serviceSend MailMicrosoft Corporationc:\windows\system32\sendmail.dll
+ Sendmail serviceSend MailMicrosoft Corporationc:\windows\system32\sendmail.dll
+ Set Program Access and DefaultsShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Shell Application ManagerShell Application ManagerMicrosoft Corporationc:\windows\system32\appwiz.cpl
+ Shell Automation Inproc ServiceShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Shell Band Site MenuShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Shell DocObject ViewerShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objectsNetwork object shell UIMicrosoft Corporationc:\windows\system32\ntlanui2.dll
+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\windows\system32\ntshrui.dll
+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\windows\system32\ntshrui.dll
+ Shell Image Data FactoryWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ Shell Image Property HandlerWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ Shell Image VerbsWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ Shell properties for a DS objectDirectory Service FindMicrosoft Corporationc:\windows\system32\dsquery.dll
+ Shell Scrap DataHandlerShell scrap object handlerMicrosoft Corporationc:\windows\system32\shscrap.dll
+ Shell Search BandShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Subscription MgrWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ Tasks Folder Icon HandlerTask Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll
+ Tasks Folder Shell ExtensionTask Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll
+ TrayAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ TridentImageExtractorShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ Video Media Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll
+ Video Thumbnail ExtractorMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll
+ Wav Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll
+ Web FoldersMicrosoft Web FoldersMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\msonsext.dll
+ Web Printer Shell ExtensionPrint UI DLLMicrosoft Corporationc:\windows\system32\printui.dll
+ Web 搜索Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ WebCheckWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
xiaoshzi - 2007-6-22 21:55:00
+ WebCheck SyncMgr HandlerWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ WebCheckChannelAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ WebCheckWebCrawlerWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ Web反病毒保护Script Monitor Internet Explorer pluginKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
+ Windows Media Player Add to Playlist Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll
+ Windows Script Host 的外壳扩展Microsoft (r) Shell Extension for Windows Script HostMicrosoft Corporationc:\windows\system32\wshext.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
+ 帮助和支持Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 帮助和支持Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 补充的外壳文件夹Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 补充的外壳文件夹 2Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 窗格中的搜索Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 地址 EditBoxShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 地址(&A)Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 电子邮件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 跟踪弹出栏Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 公文包Windows BriefcaseMicrosoft Corporationc:\windows\system32\syncui.dll
+ 管理工具Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 获取 Passport 向导Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll
+ 可访问的Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 历史记录Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 频道句柄对象Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll
+ 频道快捷方式Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll
+ 频道文件Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll
+ 全局文件夹设置Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 任务计划Task Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll
+ 任务栏和「开始」菜单Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll
+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll
+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll
+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll
+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll
+ 搜索Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 搜索区Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 通过 Web 订购照片Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll
+ 脱机文件夹Client Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll
+ 外壳 DeskBarShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 外壳 DeskBarAppShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 外壳 Rebar BandSiteShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 外壳出版向导对象Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll
+ 网络出版向导Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll
+ 网络连接Network Connections ShellMicrosoft Corporationc:\windows\system32\netshell.dll
+ 网络连接Network Connections ShellMicrosoft Corporationc:\windows\system32\netshell.dll
+ 下载状态Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 压缩(zipped)文件夹Compressed (zipped) FoldersMicrosoft Corporationc:\windows\system32\zipfldr.dll
+ 以前的版本Previous Versions property pageMicrosoft Corporationc:\windows\system32\twext.dll
+ 以前的版本属性页Previous Versions property pageMicrosoft Corporationc:\windows\system32\twext.dll
+ 用户(&P)...Find PeopleMicrosoft Corporationc:\program files\outlook express\wabfind.dll
+ 用户帮助Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 用户帐户Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll
+ 预订文件夹Web Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
+ 运行...Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 摘要信息缩略图处理程序(DOCFILES)Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll
+ 注册数目路选项实用程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 自定义 MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 字体Windows Font FolderMicrosoft Corporationc:\windows\system32\fontext.dll
+ 字体Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
+ 浏览器栏Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Cbho Object无忧上网工具条软件CHINA INTERNET NETWORK INFORMATION CENTERc:\program files\ieup\ieupbho.dll
+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar2.dll
+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll
+ 珊瑚虫超级搜索toolbar.dllYOK.Comc:\program files\yok\toolbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ toolbar.dlltoolbar.dllYOK.Comc:\program files\yok\toolbar.dll
xiaoshzi - 2007-6-22 21:57:00
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll
+ googletoolbar2.dllGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar2.dll
+ 珊瑚虫超级搜索toolbar.dllYOK.Comc:\program files\yok\toolbar.dll
+ 无忧上网工具条无忧上网工具条插件CHINA INTERNET NETWORK INFORMATION CENTERc:\program files\ieup\ieupbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe
HKLM\System\CurrentControlSet\Services
+ AudioSrv管理基于 Windows 的程序的音频设备。如果此服务被终止,音频设备及其音效将不能正常工作。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\audiosrv.dll
+ AVP保护计算机远离病毒和间谍软件的威胁。Kaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ CryptSvc提供三种管理服务: 编录数据库服务,它确定 Windows 文件的签字; 受保护的根服务,它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务,它帮助注册此计算机获取证书。如果此服务被终止,这些管理服务将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\cryptsvc.dll
+ DcomLaunch为 DCOM 服务提供加载功能。Microsoft Corporationc:\windows\system32\rpcss.dll
+ dmserver监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corp.c:\windows\system32\dmserver.dll
+ Eventlog启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。Microsoft Corporationc:\windows\system32\services.exe
+ lanmanserver支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。Microsoft Corporationc:\windows\system32\srvsvc.dll
+ lanmanworkstation创建和维护到远程服务的客户端网络连接。如果服务停止,这些连接将不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。Microsoft Corporationc:\windows\system32\wkssvc.dll
+ Netman管理“网络和拨号连接”文件夹中对象,在其中您可以查看局域网和远程连接。Microsoft Corporationc:\windows\system32\netman.dll
+ PlugPlay使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。Microsoft Corporationc:\windows\system32\services.exe
+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服务,过程或用户对其的非法访问。Microsoft Corporationc:\windows\system32\lsass.exe
+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\windows\system32\rpcss.dll
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\windows\system32\lsass.exe
+ seclogon启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\seclogon.dll
+ SENS跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\windows\system32\sens.dll
+ ShellHWDetection为自动播放硬件事件提供通知。Microsoft Corporationc:\windows\system32\shsvcs.dll
+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\windows\system32\spoolsv.exe
+ TrkWks在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。Microsoft Corporationc:\windows\system32\trkwks.dll
+ winmgmt提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止,多数基于 Windows 的软件将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\wbem\wmisvc.dll
HKLM\System\CurrentControlSet\Services
+ ACPIACPI Driver for NTMicrosoft Corporationc:\windows\system32\drivers\acpi.sys
+ aecMicrosoft Acoustic Echo CancellerMicrosoft Corporationc:\windows\system32\drivers\aec.sys
+ AFDAFD 网络支持环境Microsoft Corporationc:\windows\system32\drivers\afd.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ AliIdeFile not found: System32\DRIVERS\aliide.sys
+ AmdK7Processor Device DriverMicrosoft Corporationc:\windows\system32\drivers\amdk7.sys
+ AsyncMacRAS Asynchronous Media DriverMicrosoft Corporationc:\windows\system32\drivers\asyncmac.sys
+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\windows\system32\drivers\atapi.sys
+ AtmarpcATM ARP Client ProtocolMicrosoft Corporationc:\windows\system32\drivers\atmarpc.sys
+ audstubAudStub DriverMicrosoft Corporationc:\windows\system32\drivers\audstub.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\windows\system32\drivers\cdrom.sys
+ CIDCUSBCIDC CTL and Interrupt USB Reader DriverCIDC.c:\windows\system32\drivers\cidcusb.sys
+ CmdIdeCMD PCI IDE Bus DriverCMD Technology, Inc.c:\windows\system32\drivers\cmdide.sys
+ DiskPnP Disk DriverMicrosoft Corporationc:\windows\system32\drivers\disk.sys
+ dmioNT Disk Manager I/O DriverMicrosoft Corp., Veritas Softwarec:\windows\system32\drivers\dmio.sys
+ dmloadNT Disk Manager Startup DriverMicrosoft Corp., Veritas Software.c:\windows\system32\drivers\dmload.sys
+ DMusicMicrosoft Kernel DLS SynthesizerMicrosoft Corporationc:\windows\system32\drivers\dmusic.sys
+ dot4One Cool TransportMicrosoft Corporationc:\windows\system32\drivers\dot4.sys
+ Dot4PrintDot4 Printer DriverMicrosoft Corporationc:\windows\system32\drivers\dot4prt.sys
+ dot4usbDOT4USB filter driverMicrosoft Corporationc:\windows\system32\drivers\dot4usb.sys
+ drmkaudMicrosoft Kernel DRM Audio Descrambler FilterMicrosoft Corporationc:\windows\system32\drivers\drmkaud.sys
+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\windows\system32\drivers\fdc.sys
+ FlpydiskFloppy DriverMicrosoft Corporationc:\windows\system32\drivers\flpydisk.sys
+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\windows\system32\drivers\fsvga.sys
+ FtdiskFT Disk DriverMicrosoft Corporationc:\windows\system32\drivers\ftdisk.sys
+ gameenumGame Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\gameenum.sys
+ GpcGeneric Packet ClassifierMicrosoft Corporationc:\windows\system32\drivers\msgpc.sys
+ HidUsbUSB Miniport Driver for Input DevicesMicrosoft Corporationc:\windows\system32\drivers\hidusb.sys
+ HTTP此服务实现超文本传送协议(HTTP)。如果此服务被禁用,任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\drivers\http.sys
+ i8042prti8042 Port DriverMicrosoft Corporationc:\windows\system32\drivers\i8042prt.sys
+ ialmIntel Graphics Miniport DriverIntel Corporationc:\windows\system32\drivers\ialmnt5.sys
+ ImapiIMAPI Kernel DriverMicrosoft Corporationc:\windows\system32\drivers\imapi.sys
+ IntelIdeIntel PCI IDE DriverMicrosoft Corporationc:\windows\system32\drivers\intelide.sys
+ intelppmProcessor Device DriverMicrosoft Corporationc:\windows\system32\drivers\intelppm.sys
+ Ip6Fw为家庭和小型办公网络提供入侵保护服务。Microsoft Corporationc:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriverIP Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\ipfltdrv.sys
+ IpInIpIP in IP Tunnel DriverMicrosoft Corporationc:\windows\system32\drivers\ipinip.sys
+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\windows\system32\drivers\ipnat.sys
+ IPSecIPSEC driverMicrosoft Corporationc:\windows\system32\drivers\ipsec.sys
+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\windows\system32\drivers\irenum.sys
+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\windows\system32\drivers\isapnp.sys
+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\windows\system32\drivers\kbdclass.sys
+ kl1Kaspersky Unified DriverKaspersky Labc:\windows\system32\drivers\kl1.sys
+ klifspuper-ptorKaspersky Labc:\windows\system32\drivers\klif.sys
+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\windows\system32\drivers\kmixer.sys
+ MouclassMouse Class DriverMicrosoft Corporationc:\windows\system32\drivers\mouclass.sys
+ mouhidHID Mouse Filter DriverMicrosoft Corporationc:\windows\system32\drivers\mouhid.sys
+ ms_mpu401MPU401 Adapter DriverMicrosoft Corporationc:\windows\system32\drivers\msmpu401.sys
+ MSKSSRVMS KS ServerMicrosoft Corporationc:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\windows\system32\drivers\mspclock.sys
+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\windows\system32\drivers\mspqm.sys
+ mssmbiosSystem Management BIOS DriverMicrosoft Corporationc:\windows\system32\drivers\mssmbios.sys
+ NdisTapiRemote Access NDIS TAPI DriverMicrosoft Corporationc:\windows\system32\drivers\ndistapi.sys
+ NdisuioNDIS 用户模式 I/O 协议Microsoft Corporationc:\windows\system32\drivers\ndisuio.sys
+ NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\windows\system32\drivers\ndiswan.sys
+ NetBTNetBios over TcpipMicrosoft Corporationc:\windows\system32\drivers\netbt.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkflt.sys
xiaoshzi - 2007-6-22 21:58:00
+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkfwd.sys
+ ParportParallel Port DriverMicrosoft Corporationc:\windows\system32\drivers\parport.sys
+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\windows\system32\drivers\pci.sys
+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\windows\system32\drivers\pciide.sys
+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\windows\system32\drivers\raspptp.sys
+ PSchedQoS Packet SchedulerMicrosoft Corporationc:\windows\system32\drivers\psched.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\windows\system32\drivers\rasacd.sys
+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe远程访问 PPPOE 驱动程序Microsoft Corporationc:\windows\system32\drivers\raspppoe.sys
+ RasptiDirect ParallelMicrosoft Corporationc:\windows\system32\drivers\raspti.sys
+ RDPCDDRDP MiniportMicrosoft Corporationc:\windows\system32\drivers\rdpcdd.sys
+ rdpdrMicrosoft RDP Device redirectorMicrosoft Corporationc:\windows\system32\drivers\rdpdr.sys
+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\windows\system32\drivers\redbook.sys
+ RsNTGDIRsNTGDIBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\rsntgdi.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ safemonSystem Safety Monitor 2.x extension for Windows security layerSystem Safety Limitedc:\windows\system32\drivers\safemon.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ serenumSerial Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\serenum.sys
+ SerialSerial Device DriverMicrosoft Corporationc:\windows\system32\drivers\serial.sys
+ SfloppySCSI Floppy DriverMicrosoft Corporationc:\windows\system32\drivers\sfloppy.sys
+ splitterMicrosoft Kernel Audio SplitterMicrosoft Corporationc:\windows\system32\drivers\splitter.sys
+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\windows\system32\drivers\swenum.sys
+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\windows\system32\drivers\swmidi.sys
+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\windows\system32\drivers\sysaudio.sys
+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\tcpip.sys
+ TermDDTerminal Server DriverMicrosoft Corporationc:\windows\system32\drivers\termdd.sys
+ UpdateUpdate DriverMicrosoft Corporationc:\windows\system32\drivers\update.sys
+ usbehciEHCI eUSB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbehci.sys
+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\windows\system32\drivers\usbhub.sys
+ usbscanUSB Scanner DriverMicrosoft Corporationc:\windows\system32\drivers\usbscan.sys
+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\windows\system32\drivers\usbstor.sys
+ usbuhciUHCI USB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbuhci.sys
+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\windows\system32\drivers\vga.sys
+ viaagpVIA NT AGP FilterMicrosoft Corporationc:\windows\system32\drivers\viaagp.sys
+ WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\windows\system32\drivers\wanarp.sys
+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\windows\system32\drivers\wdmaud.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ 360rpt.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ 360Safe.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ 360tray.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ adam.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AgentSvr.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AppSvc32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ ArSwp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AST.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ autoruns.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avconsol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avgrssvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AvMonitor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avp.comc:\program files\common files\microsoft shared\cilpnoi.exe
+ avp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ CCenter.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ ccSvcHst.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ EGHOST.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FileDsty.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FTCleanerShell.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FYFireWall.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ HijackThis.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ IceSword.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ iparmo.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Iparmor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ isPwdSvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kabaload.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KaScrScn.SCRc:\program files\common files\microsoft shared\cilpnoi.exe
+ KASMain.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KASTask.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAV32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVDX.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVPF.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVPFW.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVSetup.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVStart.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KISLnchr.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KMailMon.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KMFilter.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPFW32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPFW32X.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPfwSvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KRegEx.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KRepair.comc:\program files\common files\microsoft shared\cilpnoi.exe
+ KsLoader.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVCenter.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KvDetect.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvfwMcl.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVMonXP.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVMonXP_1.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ kvol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kvolself.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvReport.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVScan.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVSrvXP.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVStub.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ kvupload.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kvwsc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvXP.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KvXP_1.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatch.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatch9x.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatchX.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ loaddll.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ MagicSet.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mcconsol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mmqczj.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mmsk.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Navapsvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Navapw32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32krn.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32kui.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ NPFMntor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ PFW.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ PFWLiveUpdate.exec:\program files\common files\microsoft shared\cilpnoi.exe
xiaoshzi - 2007-6-22 22:00:00
+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkfwd.sys
+ ParportParallel Port DriverMicrosoft Corporationc:\windows\system32\drivers\parport.sys
+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\windows\system32\drivers\pci.sys
+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\windows\system32\drivers\pciide.sys
+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\windows\system32\drivers\raspptp.sys
+ PSchedQoS Packet SchedulerMicrosoft Corporationc:\windows\system32\drivers\psched.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\windows\system32\drivers\rasacd.sys
+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe远程访问 PPPOE 驱动程序Microsoft Corporationc:\windows\system32\drivers\raspppoe.sys
+ RasptiDirect ParallelMicrosoft Corporationc:\windows\system32\drivers\raspti.sys
+ RDPCDDRDP MiniportMicrosoft Corporationc:\windows\system32\drivers\rdpcdd.sys
+ rdpdrMicrosoft RDP Device redirectorMicrosoft Corporationc:\windows\system32\drivers\rdpdr.sys
+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\windows\system32\drivers\redbook.sys
+ RsNTGDIRsNTGDIBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\rsntgdi.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ safemonSystem Safety Monitor 2.x extension for Windows security layerSystem Safety Limitedc:\windows\system32\drivers\safemon.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ serenumSerial Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\serenum.sys
+ SerialSerial Device DriverMicrosoft Corporationc:\windows\system32\drivers\serial.sys
+ SfloppySCSI Floppy DriverMicrosoft Corporationc:\windows\system32\drivers\sfloppy.sys
+ splitterMicrosoft Kernel Audio SplitterMicrosoft Corporationc:\windows\system32\drivers\splitter.sys
+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\windows\system32\drivers\swenum.sys
+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\windows\system32\drivers\swmidi.sys
+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\windows\system32\drivers\sysaudio.sys
+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\tcpip.sys
+ TermDDTerminal Server DriverMicrosoft Corporationc:\windows\system32\drivers\termdd.sys
+ UpdateUpdate DriverMicrosoft Corporationc:\windows\system32\drivers\update.sys
+ usbehciEHCI eUSB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbehci.sys
+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\windows\system32\drivers\usbhub.sys
+ usbscanUSB Scanner DriverMicrosoft Corporationc:\windows\system32\drivers\usbscan.sys
+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\windows\system32\drivers\usbstor.sys
+ usbuhciUHCI USB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbuhci.sys
+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\windows\system32\drivers\vga.sys
+ viaagpVIA NT AGP FilterMicrosoft Corporationc:\windows\system32\drivers\viaagp.sys
+ WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\windows\system32\drivers\wanarp.sys
+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\windows\system32\drivers\wdmaud.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ 360rpt.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ 360Safe.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ 360tray.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ adam.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AgentSvr.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AppSvc32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ ArSwp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AST.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ autoruns.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avconsol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avgrssvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ AvMonitor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ avp.comc:\program files\common files\microsoft shared\cilpnoi.exe
+ avp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ CCenter.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ ccSvcHst.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ EGHOST.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FileDsty.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FTCleanerShell.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ FYFireWall.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ HijackThis.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ IceSword.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ iparmo.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Iparmor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ isPwdSvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kabaload.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KaScrScn.SCRc:\program files\common files\microsoft shared\cilpnoi.exe
+ KASMain.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KASTask.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAV32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVDX.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVPF.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVPFW.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVSetup.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KAVStart.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KISLnchr.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KMailMon.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KMFilter.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPFW32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPFW32X.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KPfwSvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KRegEx.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KRepair.comc:\program files\common files\microsoft shared\cilpnoi.exe
+ KsLoader.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVCenter.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KvDetect.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvfwMcl.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVMonXP.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVMonXP_1.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ kvol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kvolself.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvReport.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVScan.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KVSrvXP.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KVStub.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ kvupload.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ kvwsc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KvXP.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KvXP_1.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatch.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatch9x.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ KWatchX.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ loaddll.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ MagicSet.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mcconsol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mmqczj.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ mmsk.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Navapsvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Navapw32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32krn.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ nod32kui.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ NPFMntor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ PFW.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ PFWLiveUpdate.exec:\program files\common files\microsoft shared\cilpnoi.exe
�火影忍者 - 2007-6-22 22:02:00
汗...!...整个社区都没人来看的....!!
xiaoshzi - 2007-6-22 22:03:00
+ QHSET.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ QQDoctor.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ QQKav.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Ras.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Rav.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RavMon.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RavMonD.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RavStub.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RavTask.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RegClean.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ rfwcfg.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ rfwmain.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ rfwsrv.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ RsAgent.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Rsaupd.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ rstrui.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ runiep.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ safelive.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ scan32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ shcfg32.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ SmartUp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ SREng.EXEc:\program files\common files\microsoft shared\cilpnoi.exe
+ symlcsvc.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ SysSafe.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ TrojanDetector.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Trojanwall.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ TrojDie.kxpc:\program files\common files\microsoft shared\cilpnoi.exe
+ UIHost.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UmxAgent.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UmxAttachment.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UmxCfg.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UmxFwHlp.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UmxPol.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ upiea.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ UpLive.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ USBCleaner.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ vsstat.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ webscanx.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ WoptiClean.exec:\program files\common files\microsoft shared\cilpnoi.exe
+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\windows\system32\advapi32.dll
+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\windows\system32\comdlg32.dll
+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll
+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll
+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll
+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll
+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll
+ oleaut32Microsoft Corporationc:\windows\system32\oleaut32.dll
+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll
+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll
+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll
+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll
+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll
+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll
+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll
+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll
+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll
+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ \Program Files\Logonui\Royale.exeFile not found: \Program
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chainCrypto API32Microsoft Corporationc:\windows\system32\crypt32.dll
+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\windows\system32\cryptnet.dll
+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll
+ igfxcuiigfxsrvc ModuleIntel Corporationc:\windows\system32\igfxsrvc.dll
+ klogonLogon VisualizerKaspersky Labc:\windows\system32\klogon.dll
+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\windows\system32\sclgntfy.dll
+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ System Safety MonitorSystem Safety ManagerSystem Safety Limitedc:\windows\system32\ssmwinlogonex.dll
+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1ABCDC76-B23A-4A0A-9B37-CEF0D890EEC4}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1ABCDC76-B23A-4A0A-9B37-CEF0D890EEC4}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll
+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll
+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\windows\system32\cnbjmon.dll
+ HP Master MonitorWin32 Master MonitorHewlett-Packardc:\windows\system32\hpbmmon.dll
+ Local PortLocal Spooler DLLMicrosoft Corporationc:\windows\system32\localspl.dll
+ Microsoft Document Imaging Writer MonitorMicrosoft? Document ImagingMicrosoft Corporationc:\windows\system32\mdimon.dll
+ PJL Language MonitorPJL Language monitorMicrosoft Corporationc:\windows\system32\pjlmon.dll
+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\windows\system32\tcpmon.dll
+ USB MonitorStandard Dynamic Printing Port Monitor DLLMicrosoft Corporationc:\windows\system32\usbmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ digest.dllDigest SSPI Authentication PackageMicrosoft Corporationc:\windows\system32\digest.dll
+ msapsspc.dllDPA Client for 32 bit platformsMicrosoft Corporationc:\windows\system32\msapsspc.dll
+ msnsspc.dllMSN Internet AccessMicrosoft Corporationc:\windows\system32\msnsspc.dll
+ schannel.dllTLS / SSL Security ProviderMicrosoft Corporationc:\windows\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecliWindows Security Configuration Editor Client EngineMicrosoft Corporationc:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberosKerberos Security PackageMicrosoft Corporationc:\windows\system32\kerberos.dll
+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\windows\system32\msv1_0.dll
+ schannelTLS / SSL Security ProviderMicrosoft Corporationc:\windows\system32\schannel.dll
+ wdigestMicrosoft Digest AccessMicrosoft Corporationc:\windows\system32\wdigest.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ LanmanWorkstationMicrosoft Windows NetworkMicrosoft Corporationc:\windows\system32\ntlanman.dll
+ RDPNPMicrosoft Terminal ServicesMicrosoft Corporationc:\windows\system32\drprov.dll
+ WebClientWeb Client NetworkMicrosoft Corporationc:\windows\system32\davclnt.dll
flyskymlf龙龙 - 2007-6-22 22:12:00
汗,用Sreng扫个日志阿
�火影忍者 - 2007-6-22 22:36:00
老大,会不会用autoruns扫日志啊...
这谁还帮你看啊...!
| 引用: |
【flyskymlf龙龙的贴子】汗,用Sreng扫个日志阿
……………… |
同意!!确实不少病毒!!
xiaoshzi - 2007-6-22 22:45:00
没办法啊,我不会用这个软件啊,但是刚才只有它能运行啊,SRENG根本就不能运行啊
现在病毒已经不出现了,我把用SRENG扫描的日志发上来
那位老大心情好,发个AUTORUNS的使用上来吧
mopery - 2007-6-22 22:49:00
sreng 改名 改 123.com 运行看看..
xiaoshzi - 2007-6-22 22:49:00
[CODE]
2007-11-15,22:19:56
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<jiajiasr><C:\Program Files\jj4\jiajiasr.exe> [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<HDCLIENT><C:\Program Files\安信CA\AXCAUserTools\HDClientTools.exe> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><c:\windows\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Royale.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0 / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Disabled]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows Management Instrumentation Driver System / wmids][Stopped/Disabled]
<C:\Program Files\Common Files\System\wmids.exe><N/A>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start]
<System32\Drivers\CIDCUSB.sys><CIDC.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MegaIDE / MegaIDE][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[Network Monitor Protocol Driver / Ndisprot][Stopped/Disabled]
<system32\DRIVERS\winint.sys><Windows (R) 2000 DDK provider>
[npkcrypt / npkcrypt][Stopped/Disabled]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Disabled]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Stopped/Disabled]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
xiaoshzi - 2007-6-22 22:51:00
==================================
浏览器加载项
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[YOKHttpFilter Class]
{686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\Program Files\yok\adblock.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YOKAdBlock Class]
{718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\Program Files\yok\adblock.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CieupToolbar Object]
{D0CF5F20-674E-4D95-8516-6A7AD021740C} <C:\Program Files\ieup\ieupbho.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[珊瑚虫超级搜索]
<C:\PROGRA~1\yok\yoksch.htm, N/A>
==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[PID: 656][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1244][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3865]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\PROGRA~1\sanlink\INPUT_~1\contmenu.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1604][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 45]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1616][C:\Program Files\安信CA\AXCAUserTools\HDClientTools.exe] [N/A, N/A]
[C:\WINDOWS\system32\HD_APP.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\HDapp.dll] [, 1, 0, 3, 6 DEBUG 05:20 09 11]
[C:\WINDOWS\system32\HDMATH20B.dll] [CIDC, 1, 0, 0, 4]
[C:\WINDOWS\system32\HDIFD20B.dll] [CIDC., 1, 0, 9, 31]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1652][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[PID: 1700][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1732][C:\Program Files\jj4\jiajiasr.exe] [加加工作组, 4, 1, 0, 47]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 380][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 7, 0, 225, 1651]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
xiaoshzi - 2007-6-22 22:52:00
[C:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\HostingMgr.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[C:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 7,0,225,1651]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 300]
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQZip.dll] [TENCENT, 7,0,225,1651]
[PID: 1544][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,0,313,1681]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 572][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\system32\TSOBase\TSOBase.ocx] [Tencent Corporation, 2007, 4, 10, 12]
[PID: 1880][C:\Documents and Settings\user\桌面\sss.exe] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1824][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA 错误: LoadLibraryA
RVA 错误: LoadLibraryExA
RVA 错误: LoadLibraryExW
RVA 错误: LoadLibraryW
==================================
[/CODE]
xiaoshzi - 2007-6-22 23:17:00
我压缩了病毒的样本有人要吗
1
© 2000 - 2026 Rising Corp. Ltd.