Rising Kaka Security Forum

Help! Viruses Trojan.Win32.Agent.iro and RootKit.Win32.Agent.sl
yuelihu - 2007-7-25 15:31:00
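Rising has been updated, but it simply cannot remove the two viruses.

There are two viruses:
Trojan.Win32.Agent.iro
RootKit.Win32.Agent.sl
Rising can detect them in Safe Mode, and the handling result is
"Delete file after reboot"
But after rebooting they are still there! No matter how many times I clean them, it makes no difference.

Experts, please help me solve this! These viruses have been driving me crazy for the past few days!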


Attachment: 8416162007725152215.jpg
yuelihu - 2007-7-25 15:43:00
[CODE]

2007-07-25,15:19:48

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <updateMgr><; D:\安装应用程序\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Acrobat Assistant 7.0><; "D:\安装应用程序\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
yuelihu - 2007-7-25 15:43:00
==================================
启动文件夹
[兴业证券核新SSL通讯安全代理]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\兴业证券核新SSL通讯安全代理.lnk --> C:\PROGRA~1\hexin\sslproxy\SSLCnt.exe [杭州核新软件技术有限公司]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[3bd / 3bd0][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\3bd0.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\安装应用程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
  {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} <C:\Program Files\Common Files\Relive.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[]
  {D3626E66-B13B-C628-ACDF-BDABCFA265E1} <C:\Program Files\Common Files\Relive.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
  {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} <C:\Program Files\Common Files\Relive.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {D3626E66-B13B-C628-ACDF-BDABCFA265E1} <C:\Program Files\Common Files\Relive.dll, N/A>
[上传到QQ网络硬盘]
  <D:\安装应用程序\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\安装应用程序\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\安装应用程序\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\安装应用程序\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
yuelihu - 2007-7-25 15:45:00
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
[PID: 580][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 71]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\WINDOWS\system32\MSRD3x40.dll]  [Microsoft Corporation, 4.00.6508.0]
[PID: 1184][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\n8yjcwa2a3.dll]  [N/A, ]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\安装应用程序\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\安装应用程序\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 1232][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\Distillr\AdistRes.CHS]  [, ]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
[PID: 1448][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
yuelihu - 2007-7-25 15:48:00
[PID: 1540][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1636][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1664][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1808][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1824][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.39]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1848][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.15]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1860][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1924][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1932][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2000][C:\Program Files\hexin\sslproxy\SSLCnt.exe]  [杭州核新软件技术有限公司, 1.106.2004.1014]
    [C:\Program Files\hexin\sslproxy\crypteng.dll]  [杭州核新软件技术有限公司, 1.44.2003.0426]
    [C:\Program Files\hexin\sslproxy\sslproxy.dll]  [杭州核新软件技术有限公司, 1.52.2002.326]
    [C:\Program Files\hexin\sslproxy\CAsAPI.dll]  [杭州核新软件技术有限公司, 1.49.2002.422]
    [C:\Program Files\hexin\sslproxy\Scard.dll]  [杭州核新软件技术有限公司, 1.02.2001.0529]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\hexin\sslproxy\CAs\CTCA.dll]  [杭州核新软件技术有限公司, 1.05.2001.1116]
    [C:\Program Files\hexin\sslproxy\CAs\RH.dll]  [杭州核新软件技术有限公司, 1.07.2001.1207]
    [C:\Program Files\hexin\sslproxy\CAs\Sheca.dll]  [杭州核新软件技术有限公司, 1.08.2003.1014]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 220][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 216][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 360][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2328][D:\安装应用程序\世界之窗绿色版\TheWorldFull\TheWorld.exe]  [Phoenix Studio, 1, 2, 3, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\安装应~1\世界之~1\THEWOR~1\Plugin\SysState\SysState.dll]  [Phoenix Stdio, 1, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3376][C:\Program Files\Rising\Rav\RsLogVw.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\MSRD3x40.dll]  [Microsoft Corporation, 4.00.6508.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[PID: 3264][C:\Program Files\Microsoft Office\Office\WINWORD.EXE]  [Microsoft Corporation, 9.0.2823]
    [C:\Program Files\Microsoft Office\Office\MSO9.DLL]  [Microsoft Corporation, 9.0.2812]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [D:\安装应用程序\Acrobat 7.0\PDFMaker\Office\PDFMOfficeAddin.dll]  [Adobe Systems Incorporated, 7, 0, 0, 0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\安装应用程序\Acrobat 7.0\PDFMaker\Office\PDFMOfficeAddin.CHS]  [Adobe Systems Incorporated, 7, 0, 0, 0]
    [C:\Program Files\Common Files\Microsoft Shared\Proof\MSSPELL3.DLL]  [Microsoft Corporation, 1.0.2217]
    [C:\Program Files\Common Files\Microsoft Shared\Proof\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [D:\安装应用程序\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.dll]  [, ]
    [D:\安装应用程序\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.CHS]  [, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL]  [Microsoft Corporation, 6.03.9108]
    [C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL]  [Microsoft Corporation, 6.03.9070]
    [C:\Program Files\Common Files\Microsoft Shared\Proof\wdbrkchs.dll]  [Microsoft Corporation, 1.0]
    [C:\Program Files\Common Files\Microsoft Shared\Proof\2052\MSGR2EN.DLL]  [Microsoft Corporation, 2.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  [Zenographics, Inc., 0, 3, 3508, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
[PID: 2284][E:\tools\专杀\sreng2new\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\tools\专杀\sreng2new\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
yuelihu - 2007-7-25 15:49:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1848, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2000, C:\PROGRAM FILES\HEXIN\SSLPROXY\SSLCNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 220, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2328, D:\安装应用程序\世界之窗绿色版\THEWORLDFULL\THEWORLD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3376, C:\PROGRAM FILES\RISING\RAV\RSLOGVW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3264, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
Leoooo - 2007-7-25 16:25:00
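Download Kaka Internet Security Assistant 4.0 from http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer Diagnostic Log
3 Select the two options "File details" and "File name similarity analysis"
4 Start scan => Export info, exporting in txt format (htm format is also fine if it is easier for you to read, but the forum cannot accept htm uploads)
5 Copy and paste the complete report from the log here (posting it as an attachment is fine too); do not modify it (if it does not fit in one post, post it in several parts)
6 While scanning for the log, close unnecessary software such as QQ and TM as far as possible
7 Upload the suspicious files found by the scan to Rising at http://up.rising.com.cn/webmail/uploadnew.htm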
yuelihu - 2007-7-25 16:42:00
Ran Rising Kaka Internet Security Assistant; computer diagnostic log


Attachment: 8416162007725163219.txt
Leoooo - 2007-7-25 16:48:00
I can't find the txt file you uploaded; try uploading it again
yuelihu - 2007-7-25 16:52:00
Ran Rising Kaka Internet Security Assistant; computer diagnostic log


Attachment: 8416162007725165855.txt
yuelihu - 2007-7-25 17:10:00
瑞星卡卡电脑诊断日志 v1.30 (2007-7-25 16:13:35)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      Alerter
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 2. c:\windows\system32\alrsvc.dll
          Microsoft Corporation
          Alerter Service DLL
          .text,.data,.rsrc,.reloc,


      ALG
        [A ] 3. c:\windows\system32\alg.exe
          Microsoft Corporation
          Application Layer Gateway Service
          .text,.data,.rsrc,


      AppMgmt
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 4. c:\windows\system32\appmgmts.dll
          Microsoft Corporation
          Software installation Service
          .text,.data,.rsrc,.reloc,


      aspnet_state
        [A ] 5. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
          Microsoft Corporation
          aspnet_state.exe
          .text,.data,.rsrc,


      AudioSrv
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 6. c:\windows\system32\audiosrv.dll
          Microsoft Corporation
          Windows Audio Service
          .text,.data,.rsrc,.reloc,


      BITS
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 7. c:\windows\system32\qmgr.dll
          Microsoft Corporation
          后台智能传送服务
          .text,.data,.rsrc,.reloc,


      Browser
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 8. c:\windows\system32\browser.dll
          Microsoft Corporation
          Computer Browser Service DLL
          .text,.data,.rsrc,.reloc,


      C-DillaCdaC11BA
        [AM] 9. c:\windows\system32\drivers\cdac11ba.exe
          Macrovision
          Macrovision RTS Service
          .text,.rdata,.data,.rsrc,


      CiSvc
        [A ] 10. c:\windows\system32\cisvc.exe
          Microsoft Corporation
          Content Index service
          .text,.data,.rsrc,


      ClipSrv
        [A ] 11. c:\windows\system32\clipsrv.exe
          Microsoft Corporation
          Windows NT DDE Server
          .text,.data,.rsrc,


      COMSysApp
        [A ] 12. c:\windows\system32\dllhost.exe
          Microsoft Corporation
          COM Surrogate
          .text,.data,.rsrc,


      CryptSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 13. c:\windows\system32\cryptsvc.dll
          Microsoft Corporation
          Cryptographic Services
          .text,.data,.rsrc,.reloc,


      DcomLaunch
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 14. c:\windows\system32\rpcss.dll
          Microsoft Corporation
          Distributed COM Services
          .text,.data,.rsrc,.reloc,


      Dhcp
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 15. c:\windows\system32\dhcpcsvc.dll
          Microsoft Corporation
          DHCP Client Service
          .text,.data,.rsrc,.reloc,


      dmadmin
        [A ] 16. c:\windows\system32\dmadmin.exe
          Microsoft Corp., Veritas Software
          Logical Disk Manager service process
          .text,.data,.rsrc,


      dmserver
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 17. c:\windows\system32\dmserver.dll
          Microsoft Corp.
          Logical Disk Manager service dll
          .text,.data,.rsrc,.reloc,
yuelihu - 2007-7-25 17:10:00


      Dnscache
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 18. c:\windows\system32\dnsrslvr.dll
          Microsoft Corporation
          DNS Caching Resolver Service
          .text,.data,.rsrc,.reloc,


      Eventlog
        [AM] 19. c:\windows\system32\services.exe
          Microsoft Corporation
          Services and Controller app
          .text,.data,.rsrc,


      EventSystem
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 20. c:\windows\system32\es.dll
          Microsoft Corporation
          .text,.orpc,.data,.rsrc,.reloc,


      FastUserSwitchingCompatibility
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 21. c:\windows\system32\shsvcs.dll
          Microsoft Corporation
          Windows Shell Services Dll
          .text,.data,.rsrc,.reloc,


      gusvc
        [A ] 22. c:\program files\google\common\google updater\googleupdaterservice.exe
          Google
          gusvc
          .text,.rdata,.data,.rsrc,


      helpsvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 23. c:\windows\pchealth\helpctr\binaries\pchsvc.dll
          Microsoft Corporation
          Microsoft PCHealth Service Holder
          .text,.data,.rsrc,.reloc,


      HidServ
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,


      HTTPFilter
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 24. c:\windows\system32\w3ssl.dll
          Microsoft Corporation
          SSL service for HTTP
          .text,.data,.rsrc,.reloc,


      ImapiService
        [A ] 25. c:\windows\system32\imapi.exe
          Microsoft Corporation
          Image Mastering API
          .text,.data,.rsrc,


      lanmanserver
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 26. c:\windows\system32\srvsvc.dll
          Microsoft Corporation
          Server Service DLL
          .text,.data,.rsrc,.reloc,


      lanmanworkstation
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 27. c:\windows\system32\wkssvc.dll
          Microsoft Corporation
          Workstation Service DLL
          .text,.data,.rsrc,.reloc,

        [AM] 28. c:\windows\system32\ntlanman.dll
          Microsoft Corporation
          Microsoft(R) Lan Manager
          .text,.data,.rsrc,.reloc,


      LmHosts
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 29. c:\windows\system32\lmhsvc.dll
          Microsoft Corporation
          TCPIP NetBios Transport Services DLL
          .text,.data,.rsrc,.reloc,


      Messenger
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 30. c:\windows\system32\msgsvc.dll
          Microsoft Corporation
          NT Messenger Service
          .text,.data,.rsrc,.reloc,


      mnmsrvc
        [A ] 31. c:\windows\system32\mnmsrvc.exe
          Microsoft Corporation
          NetMeeting Remote Desktop Sharing
          .text,.data,.rsrc,


      MSDTC
        [A ] 32. c:\windows\system32\msdtc.exe
          Microsoft Corporation
          MS DTC console program
          .text,.data,.rsrc,


      MSIServer
        [A ] 33. c:\windows\system32\msiexec.exe
          Microsoft Corporation
          Windows? installer
          .text,.data,.rsrc,


      NetDDE
        [A ] 34. c:\windows\system32\netdde.exe
          Microsoft Corporation
          Network DDE - DDE Communication
          .text,.data,.rsrc,
yuelihu - 2007-7-25 17:11:00


      NetDDEdsdm
        [A ] 34. c:\windows\system32\netdde.exe
          Microsoft Corporation
          Network DDE - DDE Communication
          .text,.data,.rsrc,


      Netlogon
        [AM] 35. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell (Export Version)
          .text,.data,.rsrc,


      Netman
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 36. c:\windows\system32\netman.dll
          Microsoft Corporation
          Network Connections Manager
          .text,.data,.rsrc,.reloc,


      Nla
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 37. c:\windows\system32\mswsock.dll
          Microsoft Corporation
          Microsoft Windows Sockets 2.0 Service Provider
          .text,SANONTCP,.data,.rsrc,.reloc,


      NtLmSsp
        [AM] 35. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell (Export Version)
          .text,.data,.rsrc,


      NtmsSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 38. c:\windows\system32\ntmssvc.dll
          Microsoft Corporation
          Removable Storage Manager
          .text,.data,.rsrc,.reloc,


      PlugPlay
        [AM] 19. c:\windows\system32\services.exe
          Microsoft Corporation
          Services and Controller app
          .text,.data,.rsrc,


      PolicyAgent
        [AM] 35. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell (Export Version)
          .text,.data,.rsrc,


      ProtectedStorage
        [AM] 35. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell (Export Version)
          .text,.data,.rsrc,


      RasAuto
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 39. c:\windows\system32\rasauto.dll
          Microsoft Corporation
          Remote Access AutoDial Manager
          .text,.data,.rsrc,.reloc,


      RasMan
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 40. c:\windows\system32\rasmans.dll
          Microsoft Corporation
          Remote Access Connection Manager
          .text,.data,.rsrc,.reloc,


      RDSessMgr
        [A ] 41. c:\windows\system32\sessmgr.exe
          Microsoft Corporation
          Microsoft(R) Remote Desktop Help Session Manager
          .text,.data,.rsrc,


      RemoteAccess
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 42. c:\windows\system32\mprdim.dll
          Microsoft Corporation
          Dynamic Interface Manager
          .text,.data,.rsrc,.reloc,


      RemoteRegistry
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 43. c:\windows\system32\regsvc.dll
          Microsoft Corporation
          Remote Registry Service
          .text,.data,.rsrc,.reloc,


      RpcLocator
        [A ] 44. c:\windows\system32\locator.exe
          Microsoft Corporation
          Rpc Locator
          .text,.data,.rsrc,


      RpcSs
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 14. c:\windows\system32\rpcss.dll
          Microsoft Corporation
          Distributed COM Services
          .text,.data,.rsrc,.reloc,

        [AM] 14. c:\windows\system32\rpcss.dll
          Microsoft Corporation
          Distributed COM Services
          .text,.data,.rsrc,.reloc,


      RsCCenter
        [A ] 45. c:\program files\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,


      RsRavMon
        [A ] 46. c:\program files\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          RavMond
          .text,.rdata,.data,.rsrc,


      RSVP
        [A ] 47. c:\windows\system32\rsvp.exe
          Microsoft Corporation
          Microsoft RSVP
          .text,.data,.rsrc,


      SamSs
        [AM] 35. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell (Export Version)
          .text,.data,.rsrc,


      SCardSvr
        [A ] 48. c:\windows\system32\scardsvr.exe
          Microsoft Corporation
          Smart Card Resource Management Server
          .text,.data,.rsrc,


      Schedule
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 49. c:\windows\system32\schedsvc.dll
          Microsoft Corporation
          Task Scheduler Engine
          .text,.data,.rsrc,.reloc,


      seclogon
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 50. c:\windows\system32\seclogon.dll
          Microsoft Corporation
          Secondary Logon Service DLL
          .text,.data,.rsrc,.reloc,

yuelihu - 2007-7-25 17:11:00


      SENS
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 51. c:\windows\system32\sens.dll
          Microsoft Corporation
          System Event Notification Service (SENS)
          .text,.data,.rsrc,.reloc,


      SharedAccess
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 52. c:\windows\system32\ipnathlp.dll
          Microsoft Corporation
          Microsoft NAT Helper Components
          .text,.data,.rsrc,.reloc,


      ShellHWDetection
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 21. c:\windows\system32\shsvcs.dll
          Microsoft Corporation
          Windows Shell Services Dll
          .text,.data,.rsrc,.reloc,


      Spooler
        [AM] 53. c:\windows\system32\spoolsv.exe
          Microsoft Corporation
          Spooler SubSystem App
          .text,.data,.rsrc,


      srservice
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 54. c:\windows\system32\srsvc.dll
          Microsoft Corporation
          System Restore Service
          .text,.data,.rsrc,.reloc,


      SSDPSRV
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 55. c:\windows\system32\ssdpsrv.dll
          Microsoft Corporation
          SSDP Service DLL
          .text,.data,.rsrc,.reloc,


      stisvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 56. c:\windows\system32\wiaservc.dll
          Microsoft Corporation
          Still Image Devices Service
          .text,.data,.rsrc,.reloc,


      SwPrv
        [A ] 12. c:\windows\system32\dllhost.exe
          Microsoft Corporation
          COM Surrogate
          .text,.data,.rsrc,


      SysmonLog
        [A ] 57. c:\windows\system32\smlogsvc.exe
          Microsoft Corporation
          Performance Logs and Alerts Service
          .text,.data,.rsrc,


      TapiSrv
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 58. c:\windows\system32\tapisrv.dll
          Microsoft Corporation
          Microsoft(R) Windows(TM) Telephony Server
          .text,.data,.rsrc,.reloc,


      TermService
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 59. c:\windows\system32\termsrv.dll
          Microsoft Corporation
          Terminal Server Service
          .text,.data,.rsrc,.reloc,


      Themes
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 21. c:\windows\system32\shsvcs.dll
          Microsoft Corporation
          Windows Shell Services Dll
          .text,.data,.rsrc,.reloc,


      TlntSvr
        [A ] 60. c:\windows\system32\tlntsvr.exe
          Microsoft Corporation
          Telnet
          .text,.data,.rsrc,


      TrkWks
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 61. c:\windows\system32\trkwks.dll
          Microsoft Corporation
          Distributed Link Tracking Client
          .text,.data,.rsrc,.reloc,


      UMWdf
        [AM] 62. c:\windows\system32\wdfmgr.exe
          Microsoft Corporation
          Windows User Mode Driver Manager
          .text,.data,.rsrc,


      upnphost
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 63. c:\windows\system32\upnphost.dll
          Microsoft Corporation
          UPnP Device Host
          .text,.orpc,.data,.rsrc,.reloc,


      UPS
        [A ] 64. c:\windows\system32\ups.exe
          Microsoft Corporation
          UPS Service
          .text,.data,.rsrc,


      VSS
        [A ] 65. c:\windows\system32\vssvc.exe
          Microsoft Corporation
          Microsoft(R) Volume Shadow Copy Service
          .text,.data,.rsrc,


      W32Time
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 66. c:\windows\system32\w32time.dll
          Microsoft Corporation
          Windows Time Service
          .text,.data,.rsrc,.reloc,


      WebClient
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 67. c:\windows\system32\webclnt.dll
          Microsoft Corporation
          Web DAV Service DLL
          .text,.data,.rsrc,.reloc,

        [AM] 68. c:\windows\system32\davclnt.dll
          Microsoft Corporation
          Web DAV Client DLL
          .text,.data,.rsrc,.reloc,


      winmgmt
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 69. c:\windows\system32\wbem\wmisvc.dll
          Microsoft Corporation
          WMI
          .text,.data,.rsrc,.reloc,


      WMConnectCDS
        [A ] 70. c:\program files\windows media connect 2\wmccds.exe
          Microsoft Corporation
          Windows Media Connect
          .text,.data,.rsrc,


      WmdmPmSN
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 71. c:\windows\system32\mspmsnsv.dll
          Microsoft Corporation
          Microsoft Media Device Service Provider
          .text,.data,.rsrc,.reloc,
yuelihu - 2007-7-25 17:12:00

      Wmi
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 72. c:\windows\system32\advapi32.dll
          Microsoft Corporation
          Advanced Windows 32 Base API
          .text,.data,.rsrc,.reloc,


      WmiApSrv
        [A ] 73. c:\windows\system32\wbem\wmiapsrv.exe
          Microsoft Corporation
          WMI Performance Adapter Service
          .text,.data,.rsrc,


      wscsvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 74. c:\windows\system32\wscsvc.dll
          Microsoft Corporation
          Windows Security Center Service
          .text,.data,.rsrc,.reloc,


      wuauserv
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 75. c:\windows\system32\wuauserv.dll
          Microsoft Corporation
          Windows Update AutoUpdate Service
          .text,.data,.rsrc,.reloc,


      WZCSVC
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 76. c:\windows\system32\wzcsvc.dll
          Microsoft Corporation
          Wireless Zero Configuration Service
          .text,.data,.rsrc,.reloc,


      xmlprov
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 77. c:\windows\system32\xmlprov.dll
          Microsoft Corporation
          Network Provisioning Service
          .text,.data,.rsrc,.reloc,




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      3bd0
        [A ] 78. c:\windows\system32\drivers\3bd0.sys


      ACPI
        [A ] 79. c:\windows\system32\drivers\acpi.sys
          Microsoft Corporation
          ACPI Driver for NT
          .text,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,


      ACPIEC
        [A ] 80. c:\windows\system32\drivers\acpiec.sys
          Microsoft Corporation
          ACPI Embedded Controller Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      aec
        [A ] 81. c:\windows\system32\drivers\aec.sys
          Microsoft Corporation
          Microsoft Acoustic Echo Canceller
          .text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,


      AFD
        [A ] 82. c:\windows\system32\drivers\afd.sys
          Microsoft Corporation
          Ancillary Function Driver for WinSock
          .text,.rdata,.data,PAGE,PAGEAFD,PAGESAN,INIT,.rsrc,.reloc,


      ALCXWDM
        [A ] 83. c:\windows\system32\drivers\alcxwdm.sys
          Realtek Semiconductor Corp.
          Realtek AC'97 Audio Driver (WDM)
          .text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,


      AsyncMac
        [A ] 84. c:\windows\system32\drivers\asyncmac.sys
          Microsoft Corporation
          MS Remote Access serial network driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      atapi
        [A ] 85. c:\windows\system32\drivers\atapi.sys
          Microsoft Corporation
          IDE/ATAPI Port Driver
          .text,NONPAGE,.rdata,.data,PAGESCAN,PAGE,INIT,.rsrc,.reloc,


      Atmarpc
        [A ] 86. c:\windows\system32\drivers\atmarpc.sys
          Microsoft Corporation
          IP/ATM Arp Client
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      audstub
        [A ] 87. c:\windows\system32\drivers\audstub.sys
          Microsoft Corporation
          AudStub Driver
          .text,.rdata,PAGE,INIT,.rsrc,.reloc,


      BaseTDI
        [A ] 88. c:\windows\system32\drivers\basetdi.sys
          Beijing Rising Technology Co., Ltd.
          basetdi
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Beep
        [A ] 89. c:\windows\system32\drivers\beep.sys
          Microsoft Corporation
          BEEP Driver
          .text,.rdata,INIT,.rsrc,.reloc,


      cbidf2k
        [A ] 90. c:\windows\system32\drivers\cbidf2k.sys
          Microsoft Corporation
          CardBus/PCMCIA IDE Miniport Driver
          .text,.rdata,INIT,.rsrc,.reloc,


      CdaC15BA
        [A ] 91. c:\windows\system32\drivers\cdac15ba.sys
          Macrovision Europe Ltd
          Macrovision SECURITY Driver
          .text,.data,INIT,.rsrc,.reloc,


      Cdaudio
        [A ] 92. c:\windows\system32\drivers\cdaudio.sys
          Microsoft Corporation
          CD-ROM Audio Filter Driver
          .text,.rdata,PAGECDNC,PAGECDOT,INIT,.rsrc,.reloc,


      Cdrom
        [A ] 93. c:\windows\system32\drivers\cdrom.sys
          Microsoft Corporation
          SCSI CD-ROM Driver
          .text,.rdata,.data,PAGE,PAGEHIT2,PAGEHITA,PAGETOSH,PAGE,INIT,.rsrc,.reloc,


      Disk
        [A ] 94. c:\windows\system32\drivers\disk.sys
          Microsoft Corporation
          PnP Disk Driver
          .text,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,


      dmboot
        [A ] 95. c:\windows\system32\drivers\dmboot.sys
          Microsoft Corp., Veritas Software
          NT Disk Manager Startup Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      dmio
        [A ] 96. c:\windows\system32\drivers\dmio.sys
          Microsoft Corp., Veritas Software
          NT Disk Manager I/O Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      dmload
        [A ] 97. c:\windows\system32\drivers\dmload.sys
          Microsoft Corp., Veritas Software.
          NT Disk Manager Startup Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      DMusic
        [A ] 98. c:\windows\system32\drivers\dmusic.sys
          Microsoft Corporation
          Microsoft Kernel DLS Synthesizer
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      drmkaud
        [A ] 99. c:\windows\system32\drivers\drmkaud.sys
          Microsoft Corporation
          Microsoft Kernel DRM Audio Descrambler Filter
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      ExpScaner
        [A ] 100. c:\program files\rising\rav\expscan.sys
          ExpScan.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Fdc
        [A ] 101. c:\windows\system32\drivers\fdc.sys
          Microsoft Corporation
          Floppy Disk Controller Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Fips
        [A ] 102. c:\windows\system32\drivers\fips.sys
          Microsoft Corporation
          FIPS Crypto Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Flpydisk
        [A ] 103. c:\windows\system32\drivers\flpydisk.sys
          Microsoft Corporation
          Floppy Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      FsVga
        [A ] 104. c:\windows\system32\drivers\fsvga.sys
          Microsoft Corporation
          Full Screen Video Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Ftdisk
        [A ] 105. c:\windows\system32\drivers\ftdisk.sys
          Microsoft Corporation
          FT Disk Driver
          .text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,


      Gpc
        [A ] 106. c:\windows\system32\drivers\msgpc.sys
          Microsoft Corporation
          MS General Packet Classifier
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      HookCont
        [A ] 107. c:\program files\rising\rav\hookcont.sys
          Rising
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,
yuelihu - 2007-7-25 17:14:00


      HookReg
        [A ] 108. c:\program files\rising\rav\hookreg.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookSys
        [A ] 109. c:\program files\rising\rav\hooksys.sys
          Rising
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HTTP
        [A ] 110. c:\windows\system32\drivers\http.sys
          Microsoft Corporation
          HTTP Protocol Stack
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      i8042prt
        [A ] 111. c:\windows\system32\drivers\i8042prt.sys
          Microsoft Corporation
          i8042 Port Driver
          .text,.rdata,.data,PAGE,PAGEMOUC,INIT,.rsrc,.reloc,


      ialm
        [A ] 112. c:\windows\system32\drivers\ialmnt5.sys
          Intel Corporation
          Intel Graphics Miniport Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Imapi
        [A ] 113. c:\windows\system32\drivers\imapi.sys
          Microsoft Corporation
          IMAPI Kernel Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      IntelIde
        [A ] 114. c:\windows\system32\drivers\intelide.sys
          Microsoft Corporation
          Intel PCI IDE Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      intelppm
        [A ] 115. c:\windows\system32\drivers\intelppm.sys
          Microsoft Corporation
          Processor Device Driver
          .text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,


      Ip6Fw
        [A ] 116. c:\windows\system32\drivers\ip6fw.sys
          Microsoft Corporation
          IPv6 Windows Firewall Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      IpFilterDriver
        [A ] 117. c:\windows\system32\drivers\ipfltdrv.sys
          Microsoft Corporation
          IP FILTER DRIVER
          .text,.rdata,.data,PAGED,PAGE,INIT,.rsrc,.reloc,


      IpInIp
        [A ] 118. c:\windows\system32\drivers\ipinip.sys
          Microsoft Corporation
          IP in IP Encapsulation Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      IpNat
        [A ] 119. c:\windows\system32\drivers\ipnat.sys
          Microsoft Corporation
          IP Network Address Translator
          .text,.rdata,.data,PAGE,PAGER32C,INIT,.rsrc,.reloc,


      IRENUM
        [A ] 120. c:\windows\system32\drivers\irenum.sys
          Microsoft Corporation
          Infra-Red Bus Enumerator
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      isapnp
        [A ] 121. c:\windows\system32\drivers\isapnp.sys
          Microsoft Corporation
          PNP ISA Bus Driver
          .text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,


      Kbdclass
        [A ] 122. c:\windows\system32\drivers\kbdclass.sys
          Microsoft Corporation
          Keyboard Class Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      kmixer
        [A ] 123. c:\windows\system32\drivers\kmixer.sys
          Microsoft Corporation
          Kernel Mode Audio Mixer
          .text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,


      KSecDD
        [A ] 124. c:\windows\system32\drivers\ksecdd.sys
          Microsoft Corporation
          Kernel Security Support Provider Interface
          .text,.rdata,.data,PAGE,PAGEMSG,.edata,INIT,.rsrc,.reloc,


      MEMSCAN
        [A ] 125. c:\program files\rising\rav\memscan.sys
          瑞星软件有限公司
          MemScan Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      mnmdd
        [A ] 126. c:\windows\system32\drivers\mnmdd.sys
          Microsoft Corporation
          Frame buffer simulator
          .rdata,PAGE,PAGE,INIT,.rsrc,.reloc,


      Modem
        [A ] 127. c:\windows\system32\drivers\modem.sys
          Microsoft Corporation
          Modem Device Driver
          .text,.rdata,.data,PAGE,PAGEUMDM,INIT,.rsrc,.reloc,


      Mouclass
        [A ] 128. c:\windows\system32\drivers\mouclass.sys
          Microsoft Corporation
          Mouse Class Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      MountMgr
        [A ] 129. c:\windows\system32\drivers\mountmgr.sys
          Microsoft Corporation
          Mount Manager
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      MSKSSRV
        [A ] 130. c:\windows\system32\drivers\mskssrv.sys
          Microsoft Corporation
          MS KS Server
          .text,.data,PAGE,INIT,.rsrc,.reloc,


      MSPCLOCK
        [A ] 131. c:\windows\system32\drivers\mspclock.sys
          Microsoft Corporation
          MS Proxy Clock
          .text,.data,PAGE,INIT,.rsrc,.reloc,


      MSPQM
        [A ] 132. c:\windows\system32\drivers\mspqm.sys
          Microsoft Corporation
          MS Proxy Quality Manager
          .data,PAGE,INIT,.rsrc,.reloc,


      mssmbios
        [A ] 133. c:\windows\system32\drivers\mssmbios.sys
          Microsoft Corporation
          System Management BIOS Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      mxdispdr
        [A ] 134. c:\windows\system32\drivers\mxdispdr.sys
          .text,.rdata,.data,INIT,.reloc,


      NDIS
        [A ] 135. c:\windows\system32\drivers\ndis.sys
          Microsoft Corporation
          NDIS 5.1 wrapper driver
          .text,.rdata,.data,PAGENPNP,PAGENDSP,PAGENDSM,PAGENDCO,PAGENDSF,PAGENDSE,PAGENDST,PAGENDSA,.edata,PAGE,INIT,.rsrc,.reloc,


      NdisTapi
        [A ] 136. c:\windows\system32\drivers\ndistapi.sys
          Microsoft Corporation
          NDIS 3.0 connection wrapper driver
          .text,.rdata,.data,.edata,INIT,.rsrc,.reloc,


      Ndisuio
        [A ] 137. c:\windows\system32\drivers\ndisuio.sys
          Microsoft Corporation
          NDIS User mode I/O Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      NdisWan
        [A ] 138. c:\windows\system32\drivers\ndiswan.sys
          Microsoft Corporation
          MS PPP Framing Driver (Strong Encryption)
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      NDProxy
        [A ] 139. c:\windows\system32\drivers\ndproxy.sys
          Microsoft Corporation
          NDIS Proxy
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      NetBT
        [A ] 140. c:\windows\system32\drivers\netbt.sys
          Microsoft Corporation
          MBT Transport driver
          .text,.rdata,.data,PAGE,PAGENBT,INIT,.rsrc,.reloc,


      npkcrypt
        [A ] 141. d:\安装应用程序\qq\npkcrypt.sys
          INCA Internet Co., Ltd.
          nProtect KeyCrypt Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Null
        [A ] 142. c:\windows\system32\drivers\null.sys
          Microsoft Corporation
          NULL Driver
          .rdata,.data,PAGE,INIT,.rsrc,.reloc,


      NwlnkFlt
        [A ] 143. c:\windows\system32\drivers\nwlnkflt.sys
          Microsoft Corporation
          NWLINK2 Traffic Filter Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      NwlnkFwd
        [A ] 144. c:\windows\system32\drivers\nwlnkfwd.sys
          Microsoft Corporation
          NWLINK2 Forwarder Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Parport
        [A ] 145. c:\windows\system32\drivers\parport.sys
          Microsoft Corporation
          Parallel Port Driver
          .text,.rdata,.data,PAGEPARW,INIT,.rsrc,.reloc,


      PartMgr
        [A ] 146. c:\windows\system32\drivers\partmgr.sys
          Microsoft Corporation
          Partition Manager
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      ParVdm
        [A ] 147. c:\windows\system32\drivers\parvdm.sys
          Microsoft Corporation
          VDM Parallel Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      PCI
        [A ] 148. c:\windows\system32\drivers\pci.sys
          Microsoft Corporation
          NT Plug and Play PCI Enumerator
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      PCIIde
        [A ] 149. c:\windows\system32\drivers\pciide.sys
          Microsoft Corporation
          Generic PCI IDE Bus Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Pcmcia
        [A ] 150. c:\windows\system32\drivers\pcmcia.sys
          Microsoft Corporation
          PCMCIA Bus Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      PptpMiniport
        [A ] 151. c:\windows\system32\drivers\raspptp.sys
          Microsoft Corporation
          Peer-to-Peer Tunneling Protocol
          .text,.rdata,.data,INIT,.rsrc,.reloc,
yuelihu - 2007-7-25 17:16:00

      PSched
        [A ] 152. c:\windows\system32\drivers\psched.sys
          Microsoft Corporation
          MS QoS Packet Scheduler
          .text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,


      Ptilink
        [A ] 153. c:\windows\system32\drivers\ptilink.sys
          Parallel Technologies, Inc.
          Parallel Technologies DirectParallel IO Library
          .text,.rdata,.data,.edata,INIT,.rsrc,.reloc,


      PxHelp20
        [A ] 154. c:\windows\system32\drivers\pxhelp20.sys
          Sonic Solutions
          Px Engine Device Driver for Windows 2000/XP
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RasAcd
        [A ] 155. c:\windows\system32\drivers\rasacd.sys
          Microsoft Corporation
          RAS Automatic Connection Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Rasl2tp
        [A ] 156. c:\windows\system32\drivers\rasl2tp.sys
          Microsoft Corporation
          RAS L2TP mini-port/call-manager driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RasPppoe
        [A ] 157. c:\windows\system32\drivers\raspppoe.sys
          Microsoft Corporation
          RAS PPPoE mini-port/call-manager driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Raspti
        [A ] 158. c:\windows\system32\drivers\raspti.sys
          Microsoft Corporation
          PTI DirectParallel(R) mini-port/call-manager driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RDPCDD
        [A ] 159. c:\windows\system32\drivers\rdpcdd.sys
          Microsoft Corporation
          RDP Miniport
          .rdata,PAGE,PAGE,INIT,.rsrc,.reloc,


      rdpdr
        [A ] 160. c:\windows\system32\drivers\rdpdr.sys
          Microsoft Corporation
          Microsoft RDP Device redirector
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      RDPWD
        [A ] 161. c:\windows\system32\drivers\rdpwd.sys
          Microsoft Corporation
          RDP Terminal Stack Driver (US/Canada Only, Not for Export)
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      redbook
        [A ] 162. c:\windows\system32\drivers\redbook.sys
          Microsoft Corporation
          Redbook Audio Filter Driver
          .text,.rdata,.data,PAGE,PAGERW,PAGECONS,INIT,.rsrc,.reloc,


      RsAntiSpyware
        [A ] 163. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RsNTGDI
        [A ] 164. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,


      RSPPSYS
        [A ] 165. c:\program files\rising\rav\rsppsys.sys
          Rising
          RSPPSYS.SYS
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RTL8023xp
        [A ] 166. c:\windows\system32\drivers\rtlnicxp.sys
          Realtek Semiconductor Corporation                         
          Realtek 10/100/1000 NDIS 5.1 Driver                       
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      rtl8139
        [A ] 167. c:\windows\system32\drivers\rtl8139.sys
          Realtek Semiconductor Corporation
          Realtek RTL8139 NDIS 5.0 Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Secdrv
        [A ] 168. c:\windows\system32\drivers\secdrv.sys
          .text,.data,INIT,.reloc,


      serenum
        [A ] 169. c:\windows\system32\drivers\serenum.sys
          Microsoft Corporation
          Serial Port Enumerator
          .text,.rdata,.data,PAGE,PAGESENM,INIT,.rsrc,.reloc,


      Serial
        [A ] 170. c:\windows\system32\drivers\serial.sys
          Microsoft Corporation
          Serial Device Driver
          .text,.rdata,.data,PAGESRP0,PAGESER,INIT,.rsrc,.reloc,


      Sfloppy
        [A ] 171. c:\windows\system32\drivers\sfloppy.sys
          Microsoft Corporation
          SCSI Floppy Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      splitter
        [A ] 172. c:\windows\system32\drivers\splitter.sys
          Microsoft Corporation
          Microsoft Kernel Audio Splitter
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      swenum
        [A ] 173. c:\windows\system32\drivers\swenum.sys
          Microsoft Corporation
          Plug and Play Software Device Enumerator
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      swmidi
        [A ] 174. c:\windows\system32\drivers\swmidi.sys
          Microsoft Corporation
          Microsoft GS Wavetable Synthesizer
          .text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,


      sysaudio
        [A ] 175. c:\windows\system32\drivers\sysaudio.sys
          Microsoft Corporation
          System Audio WDM Filter
          .text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,


      Tcpip
        [A ] 176. c:\windows\system32\drivers\tcpip.sys
          Microsoft Corporation
          TCP/IP Protocol Driver
          .text,.rdata,.data,PAGE,PAGELK,PAGEIPMc,.edata,INIT,.rsrc,.reloc,


      TDPIPE
        [A ] 177. c:\windows\system32\drivers\tdpipe.sys
          Microsoft Corporation
          Named Pipe Transport Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      TDTCP
        [A ] 178. c:\windows\system32\drivers\tdtcp.sys
          Microsoft Corporation
          TCP Transport Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      TermDD
        [A ] 179. c:\windows\system32\drivers\termdd.sys
          Microsoft Corporation
          Terminal Server Driver
          .text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,


      Update
        [A ] 180. c:\windows\system32\drivers\update.sys
          Microsoft Corporation
          Update Driver
          .text,.rdata,.data,PAGE,PAGECONS,PAGELK,INIT,.rsrc,.reloc,


      usbehci
        [A ] 181. c:\windows\system32\drivers\usbehci.sys
          Microsoft Corporation
          EHCI eUSB Miniport Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      usbhub
        [A ] 182. c:\windows\system32\drivers\usbhub.sys
          Microsoft Corporation
          Default Hub Driver for USB
          .text,.rdata,.data,PAGE,PAGECONS,INIT,.rsrc,.reloc,


      usbscan
        [A ] 183. c:\windows\system32\drivers\usbscan.sys
          Microsoft Corporation
          USB Scanner Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      usbser
        [A ] 184. c:\windows\system32\drivers\usbser.sys
          Microsoft Corporation
          USB Modem Driver
          .text,.rdata,.data,PAGEUSBS,PAGEUSBS,PAGEUBS0,INIT,.rsrc,.reloc,


      USBSTOR
        [A ] 185. c:\windows\system32\drivers\usbstor.sys
          Microsoft Corporation
          USB Mass Storage Class Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      usbuhci
        [A ] 186. c:\windows\system32\drivers\usbuhci.sys
          Microsoft Corporation
          UHCI USB Miniport Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      VgaSave
        [A ] 187. c:\windows\system32\drivers\vga.sys
          Microsoft Corporation
          VGA/Super VGA Video Driver
          .text,.rdata,.data,PAGE,PAGE_DAT,INIT,.rsrc,.reloc,


      VolSnap
        [A ] 188. c:\windows\system32\drivers\volsnap.sys
          Microsoft Corporation
          Volume Shadow Copy Driver
          .text,.rdata,.data,PAGELK,INIT,.rsrc,.reloc,


      Wanarp
        [A ] 189. c:\windows\system32\drivers\wanarp.sys
          Microsoft Corporation
          MS Remote Access and Routing ARP Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      wdmaud
        [A ] 190. c:\windows\system32\drivers\wdmaud.sys
          Microsoft Corporation
          MMSYSTEM Wave/Midi API mapper
          .text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,



yuelihu - 2007-7-25 17:17:00


  + 文件系统驱动
    + HKLM\System\CurrentControlSet\Services
      Cdfs
        [A ] 191. c:\windows\system32\drivers\cdfs.sys
          Microsoft Corporation
          CD-ROM File System Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Fastfat
        [A ] 192. c:\windows\system32\drivers\fastfat.sys
          Microsoft Corporation
          Fast FAT File System Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      FltMgr
        [A ] 193. c:\windows\system32\drivers\fltmgr.sys
          Microsoft Corporation
          Microsoft Filesystem Filter Manager
          .text,.rdata,.data,PAGE,PAGEVRF1,PAGEVRF2,.edata,INIT,.rsrc,.reloc,


      MRxDAV
        [A ] 194. c:\windows\system32\drivers\mrxdav.sys
          Microsoft Corporation
          Windows NT WebDav Minirdr
          .text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,


      MRxSmb
        [A ] 195. c:\windows\system32\drivers\mrxsmb.sys
          Microsoft Corporation
          Windows NT SMB Minirdr
          .text,SECUR,.rdata,.data,PAGE,PAGE4BRO,PAGE5NET,PAGE,INIT,.rsrc,.reloc,


      Msfs
        [A ] 196. c:\windows\system32\drivers\msfs.sys
          Microsoft Corporation
          Mailslot driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Mup
        [A ] 197. c:\windows\system32\drivers\mup.sys
          Microsoft Corporation
          Multiple UNC Provider driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      NetBIOS
        [A ] 198. c:\windows\system32\drivers\netbios.sys
          Microsoft Corporation
          NetBIOS interface driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Npfs
        [A ] 199. c:\windows\system32\drivers\npfs.sys
          Microsoft Corporation
          NPFS Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Ntfs
        [A ] 200. c:\windows\system32\drivers\ntfs.sys
          Microsoft Corporation
          NT File System Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Rdbss
        [A ] 201. c:\windows\system32\drivers\rdbss.sys
          Microsoft Corporation
          Redirected Drive Buffering SubSystem Driver
          .text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,


      sr
        [A ] 202. c:\windows\system32\drivers\sr.sys
          Microsoft Corporation
          System Restore Filesystem Filter Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Srv
        [A ] 203. c:\windows\system32\drivers\srv.sys
          Microsoft Corporation
          Server driver
          .text,.rdata,.data,PAGE,PAGE8FIL,PAGESMBC,PAGESMBD,INIT,.rsrc,.reloc,


      Udfs
        [A ] 204. c:\windows\system32\drivers\udfs.sys
          Microsoft Corporation
          UDF File System Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,




  + 系统登陆自运行
    + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
      UIHost
        [A ] 205. c:\windows\system32\logonui.exe
          Microsoft Corporation
          Windows Logon UI
          .text,.data,.rsrc,



    + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      crypt32chain
        [AM] 206. c:\windows\system32\crypt32.dll
          Microsoft Corporation
          Crypto API32
          .text,.data,.rsrc,.reloc,


      cryptnet
        [A ] 207. c:\windows\system32\cryptnet.dll
          Microsoft Corporation
          Crypto Network Related API
          .text,.data,.rsrc,.reloc,


      cscdll
        [AM] 208. c:\windows\system32\cscdll.dll
          Microsoft Corporation
          Offline Network Agent
          .text,PAGE,.data,.rsrc,.reloc,


      igfxcui
        [A ] 209. c:\windows\system32\igfxdev.dll
          Intel Corporation
          igfxdev Module
          .text,.rdata,.data,.rsrc,.reloc,


      ScCertProp
        [AM] 210. c:\windows\system32\wlnotify.dll
          Microsoft Corporation
          Common DLL to receive Winlogon notifications
          .text,.data,.rsrc,.reloc,


      Schedule
        [AM] 210. c:\windows\system32\wlnotify.dll
          Microsoft Corporation
          Common DLL to receive Winlogon notifications
          .text,.data,.rsrc,.reloc,


      sclgntfy
        [A ] 211. c:\windows\system32\sclgntfy.dll
          Microsoft Corporation
          Secondary Logon Service Notification DLL
          .text,.data,.rsrc,.reloc,


      SensLogn
        [AM] 210. c:\windows\system32\wlnotify.dll
          Microsoft Corporation
          Common DLL to receive Winlogon notifications
          .text,.data,.rsrc,.reloc,


      termsrv
        [AM] 210. c:\windows\system32\wlnotify.dll
          Microsoft Corporation
          Common DLL to receive Winlogon notifications
          .text,.data,.rsrc,.reloc,


      wlballoon
        [AM] 210. c:\windows\system32\wlnotify.dll
          Microsoft Corporation
          Common DLL to receive Winlogon notifications
          .text,.data,.rsrc,.reloc,




  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {47833539-D0C5-4125-9FA8-0819E2EAAC93}
        [A ] 212. d:\安装应用程序\acrobat 7.0\acrobat\acroiefavclient.dll
          Adobe Systems Incorporated
          Adobe IE plugin
          .text,.rdata,.data,.rsrc,.reloc,


      {2318C2B1-4965-11d4-9B18-009027A5CD4F}
        [A ] 213. c:\program files\google\googletoolbar2.dll
          Google Inc.
          Google IE 客户端工具栏
          .text,.rdata,.data,shared,.rsrc,.reloc,



    + HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
      {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
        [AM] 214. c:\windows\system32\shdocvw.dll
          Microsoft Corporation
          Shell Doc Object and Control Library
          .text,.data,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        [AM] 215. d:\安装应用程序\acrobat 7.0\activex\acroiehelper.dll
          Adobe Systems Incorporated
          Adobe Acrobat IE Helper Version 7.0 for ActiveX
          .text,.rdata,.data,.rsrc,.reloc,


      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
        [A ] 216. c:\program files\java\jre1.5.0_06\bin\ssv.dll
          Sun Microsystems, Inc.
          Java(TM) 2 Platform Standard Edition binary
          .text,.rdata,.data,.rsrc,.reloc,


      {AA58ED58-01DD-4d91-8333-CF10577473F7}
        [A ] 213. c:\program files\google\googletoolbar2.dll
          Google Inc.
          Google IE 客户端工具栏
          .text,.rdata,.data,shared,.rsrc,.reloc,


      {AE7CD045-E861-484f-8273-0445EE161910}
        [A ] 212. d:\安装应用程序\acrobat 7.0\acrobat\acroiefavclient.dll
          Adobe Systems Incorporated
          Adobe IE plugin
          .text,.rdata,.data,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 217. c:\program files\messenger\msmsgs.exe
          Microsoft Corporation
          Windows Messenger
          .text,.data,.rsrc,



    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
      {182EC0BE-5110-49C8-A062-BEB1D02A220B}
        [A ] 212. d:\安装应用程序\acrobat 7.0\acrobat\acroiefavclient.dll
          Adobe Systems Incorporated
          Adobe IE plugin
          .text,.rdata,.data,.rsrc,.reloc,


      {4D5C8C25-D075-11d0-B416-00C04FB90376}
        [AM] 214. c:\windows\system32\shdocvw.dll
          Microsoft Corporation
          Shell Doc Object and Control Library
          .text,.data,.rsrc,.reloc,




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      application/octet-stream
        [A ] 218. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,
yuelihu - 2007-7-25 17:20:00
      application/x-complus
        [A ] 218. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,


      application/x-msdownload
        [A ] 218. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,


      Class Install Handler
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      deflate
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      gzip
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      lzdhtml
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      text/webviewhtml
        [AM] 220. c:\windows\system32\shell32.dll
          Microsoft Corporation
          Windows Shell Common Dll
          .text,.data,.rsrc,.reloc,



    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      about
        [AM] 221. c:\windows\system32\mshtml.dll
          Microsoft Corporation
          Microsoft (R) HTML Viewer
          .text,.data,.rsrc,.reloc,


      cdl
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      dvd
        [A ] 222. c:\windows\system32\msvidctl.dll
          Microsoft Corporation
          ActiveX control for streaming video
          .text,.orpc,.data,.rsrc,.reloc,


      file
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      ftp
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      gopher
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      http
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      https
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      its
        [A ] 223. c:\windows\system32\itss.dll
          Microsoft Corporation
          Microsoft? InfoTech Storage System Library
          .text,.data,.rsrc,.reloc,


      javascript
        [AM] 221. c:\windows\system32\mshtml.dll
          Microsoft Corporation
          Microsoft (R) HTML Viewer
          .text,.data,.rsrc,.reloc,


      local
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
          OLE32 Extensions for Win32
          .text,.orpc,.data,.rsrc,.reloc,


      mailto
        [AM] 221. c:\windows\system32\mshtml.dll
          Microsoft Corporation
          Microsoft (R) HTML Viewer
          .text,.data,.rsrc,.reloc,


      mhtml
        [A ] 224. c:\windows\system32\inetcomm.dll
          Microsoft Corporation
          Microsoft Internet Messaging API
          .text,.data,.rsrc,.reloc,


      mk
        [AM] 219. c:\windows\system32\urlmon.dll
          Microsoft Corporation
红色咖啡11 - 2007-7-25 17:23:00
Trojan
yuelihu - 2007-7-25 17:23:00

yuelihu - 2007-7-25 17:25:00
Uploading it this way is too much trouble. Is there a simpler way? I've only uploaded a quarter of it so far.
Enao2005 - 2007-7-25 17:49:00
Delete these driver services:
[3bd / 3bd0][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\3bd0.sys><N/A>
[mxdispdr / mxdispdr][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>

Delete the following files with XDelBox1.3 (download from enao.ys168.com):
C:\WINDOWS\System32\DRIVERS\3bd0.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\Program Files\Common Files\Relive.dll
C:\WINDOWS\system32\msplrct.dll
C:\WINDOWS\system32\n8yjcwa2a3.dll
yuelihu - 2007-7-25 18:36:00
Driver service
[3bd / 3bd0][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\3bd0.sys><N/A>

After I deleted it, it came back!
The file C:\WINDOWS\System32\DRIVERS\3bd0.sys can't be deleted either!
And this prompt appears when the system starts:

Attachment: 8416162007725182610.jpg
Enao2005 - 2007-7-25 18:41:00
Try again.
Driver service
[3bd / 3bd0][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\3bd0.sys><N/A>

Delete on reboot (use XDelBox1.3 to delete):
System32\DRIVERS\3bd0.sys
老大南 - 2007-7-28 9:55:00
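OP, did you manage to remove the virus? My situation is the same as yours! I don't know how to remove it either. If you have removed it, please tell me how. Thanks! Thanks!

Attachment: 911274200772894525.txt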