【求助】帮我看看日志 bbs.ikaka.com

yessky - 2007-8-2 11:59:00

2007-08-02,11:42:43

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat><\WINDOWS\System32\internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<H8MovAutoRun><d:\Program Files\8mov\movieservice.exe> [网吧电影管理者]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<igfxtray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe> [Intel Corporation]
<Server><"C:\server\raserver.exe" -servicehelper> [上海金俊坤计算机技术服务有限公司]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Publisher]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><dimsntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
<%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
<%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser> [(Verified)Microsoft Windows Publisher]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)

yessky - 2007-8-2 12:00:00

==================================
启动文件夹
[internat.exe]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\internat.exe.lnk --> C:\WINDOWS\system32\internat.exe [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[VNC Server / winvnc][Running/Auto Start]
<"C:\server\raserver.exe" -service><上海金俊坤计算机技术服务有限公司>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[VIA Rhine Family Fast Ethernet Adapter Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VMware Pointing Device / vmmouse][Stopped/Manual Start]
<system32\DRIVERS\vmmouse.sys><VMware, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[用比特精灵下载(&B)]
<D:\BitSpirit\bsurl.htm, N/A>

yessky - 2007-8-2 12:01:00

正在运行的进程
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 596 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1012 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1068 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1168 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 73]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 47]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1336 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1376 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[c:\windows\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1904 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 132 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 284 / SYSTEM][C:\server\raserver.exe] [上海金俊坤计算机技术服务有限公司, 1.0.0.0]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 464 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1060 / Administrator][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1. 0. 47.9]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.3]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1120 / Administrator][d:\Program Files\8mov\movieservice.exe] [网吧电影管理者, 1.04.0001]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1152 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1200 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1280 / Administrator][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4384]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4384]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4384]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1488 / Administrator][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4384]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4384]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1564 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\faultrep.DLL] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1640 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1720 / Administrator][C:\WINDOWS\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 560 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2032 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 540 / Administrator][d:\Program Files\8mov\MovieNoExit.exe] [, 1.00]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1768 / NETWORK SERVICE][c:\windows\system32\inetsrv\w3wp.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[\\?\C:\WINDOWS\system32\ViewGood\WebMedia\TransportSvr.dll] [N/A, ]
[PID: 1732 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\INDICDLL.dll] [Microsoft Corporation, 5.00.2920.0000]
[C:\server\vnchooks.dll] [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

yessky - 2007-8-2 12:02:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
218.22.51.34www.8mov.net
218.22.51.348mov.net
218.22.51.34ad.8mov.net
218.22.51.34bt.8mov.net
218.22.51.34bbs.8mov.net

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

yessky - 2007-8-2 12:06:00

这台机子是网吧电影服务器，在别的机子上一打开服务器的地址看电影就提示有病毒，Trojan.PSW.Win32.OnlineGames.dlb

在电影服务器上用瑞星扫描是没发现在病毒的

yessky - 2007-8-2 14:33:00

顶啊！大哥帮帮忙啊！快急死了

Leoooo - 2007-8-2 15:30:00

http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe下载卡卡上网安全助手4.0
1 运行瑞星卡卡上网安全助手
2 诊断求助=》电脑诊断日志
3 选择"文件详细信息"、"文件名相似分析"2个选项
4 开始扫描＝》导出信息，导成txt格式（也可以是htm格式方便自己看，不过论坛不能上传htm格式）
5 把日志中的报告完整拷贝贴上来(附件形式发上来也可以)，不要修改（一次发不完请分次发上来）
6 扫日志的时候尽量把不必要的软件关闭如QQ TM等
7 把扫描出来的可疑文件上传给瑞星http://up.rising.com.cn/webmail/uploadnew.htm

baohe - 2007-8-2 15:32:00

【回复“yessky”的帖子】
C:\server\raserver.exe————什么东西？不认识。

sanjingshou - 2007-8-2 15:40:00

引用:

【baohe的贴子】【回复“yessky”的帖子】
C:\server\raserver.exe————什么东西？不认识。
………………

在BAIDU上搜到的

系统里多了一个RAServer.exe这是什么进程。该怎么办
提问者：梦回周公 - 助理二级
最佳答案
这是你的杀毒软件来的.
是杀毒软件更新服务进程

sanjingshou - 2007-8-2 15:40:00

不过感觉说的不对啊~~

yessky - 2007-8-2 17:03:00

引用:

【baohe的贴子】【回复“yessky”的帖子】
C:\server\raserver.exe————什么东西？不认识。
………………

这个是我装的远程控制软件

yessky - 2007-8-2 17:14:00

瑞星卡卡电脑诊断日志 v1.30 (2007-8-2 16:56:29) 北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
AeLookupSvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 2. c:\windows\system32\aelupsvc.dll
Microsoft Corporation
Application Experience Lookup Service
.text,.data,.rsrc,.reloc,

Alerter
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 3. c:\windows\system32\alrsvc.dll
Microsoft Corporation
Alerter Service DLL
.text,.data,.rsrc,.reloc,

ALG
[A ] 4. c:\windows\system32\alg.exe
Microsoft Corporation
Application Layer Gateway Service
.text,.data,.rsrc,

AppMgmt
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 5. c:\windows\system32\appmgmts.dll
Microsoft Corporation
Software installation Service
.text,.data,.rsrc,.reloc,

AudioSrv
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 6. c:\windows\system32\audiosrv.dll
Microsoft Corporation
Windows Audio Service
.text,.data,.rsrc,.reloc,

BITS
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 7. c:\windows\system32\qmgr.dll
Microsoft Corporation
Background Intelligent Transfer Service
.text,.data,.rsrc,.reloc,

Browser
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 8. c:\windows\system32\browser.dll
Microsoft Corporation
Computer Browser Service DLL
.text,.data,.rsrc,.reloc,

ClipSrv
[A ] 9. c:\windows\system32\clipsrv.exe
Microsoft Corporation
Windows Clipbook DDE Server
.text,.data,.rsrc,

COMSysApp
[A ] 10. c:\windows\system32\dllhost.exe
Microsoft Corporation
COM Surrogate
.text,.data,.rsrc,

CryptSvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 11. c:\windows\system32\cryptsvc.dll
Microsoft Corporation
Cryptographic Services
.text,.data,.rsrc,.reloc,

附件: 618134200782173052.txt

yessky - 2007-8-2 17:15:00

DcomLaunch
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 12. c:\windows\system32\rpcss.dll
Microsoft Corporation
Distributed COM Services
.text,.data,.rsrc,.reloc,

Dfs
[A ] 13. c:\windows\system32\dfssvc.exe
Microsoft Corporation
Windows NT Distributed File System Service
.text,.data,.tls,.rsrc,

Dhcp
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 14. c:\windows\system32\dhcpcsvc.dll
Microsoft Corporation
DHCP Client Service
.text,.data,.rsrc,.reloc,

dmadmin
[A ] 15. c:\windows\system32\dmadmin.exe
Microsoft Corporation
Logical Disk Manager Adminstrative Service
.text,.data,.rsrc,

dmserver
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 16. c:\windows\system32\dmserver.dll
Microsoft Corporation
Logical Disk Manager Service
.text,.data,.rsrc,.reloc,

Dnscache
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 17. c:\windows\system32\dnsrslvr.dll
Microsoft Corporation
DNS Caching Resolver Service
.text,.data,.rsrc,.reloc,

ERSvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 18. c:\windows\system32\ersvc.dll
Microsoft Corporation
Windows Error Reporting Service
.text,.data,.rsrc,.reloc,

Eventlog
[AM] 19. c:\windows\system32\services.exe
Microsoft Corporation
Services and Controller app
.text,.data,.rsrc,

EventSystem
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 20. c:\windows\system32\es.dll
Microsoft Corporation
COM+
.text,.orpc,.data,.rsrc,.reloc,

HidServ
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

HTTPFilter
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

[AM] 22. c:\windows\system32\w3ssl.dll
Microsoft Corporation
SSL service for HTTP
.text,.data,.rsrc,.reloc,

IISADMIN
[AM] 23. c:\windows\system32\inetsrv\inetinfo.exe
Microsoft Corporation
Internet Information Services
.text,.data,.rsrc,

IsmServ
[A ] 24. c:\windows\system32\ismserv.exe
Microsoft Corporation
Windows NT Intersite Messaging Service
.text,.data,.tls,.rsrc,

kdc
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

lanmanserver
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 25. c:\windows\system32\srvsvc.dll
Microsoft Corporation
Server Service DLL
.text,.data,.rsrc,.reloc,

lanmanworkstation
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 26. c:\windows\system32\wkssvc.dll
Microsoft Corporation
Workstation Service DLL
.text,.data,.rsrc,.reloc,

[AM] 27. c:\windows\system32\ntlanman.dll
Microsoft Corporation
Microsoft(R) Lan Manager
.text,.data,.rsrc,.reloc,

LicenseService
[A ] 28. c:\windows\system32\llssrv.exe
Microsoft Corporation
Microsoft? License Server
.text,.data,.rsrc,

yessky - 2007-8-2 17:20:00

LmHosts
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 29. c:\windows\system32\lmhsvc.dll
Microsoft Corporation
TCPIP NetBios Transport Services DLL
.text,.data,.rsrc,.reloc,

Messenger
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 30. c:\windows\system32\msgsvc.dll
Microsoft Corporation
NT Messenger Service
.text,.data,.rsrc,.reloc,

MSDTC
[A ] 31. c:\windows\system32\msdtc.exe
Microsoft Corporation
MS DTCconsole program
.text,.data,.rsrc,

MSIServer
[A ] 32. c:\windows\system32\msiexec.exe
Microsoft Corporation
Windows? installer
.text,.data,.rsrc,

NetDDE
[A ] 33. c:\windows\system32\netdde.exe
Microsoft Corporation
Network DDE - DDE Communication
.text,.data,.rsrc,

NetDDEdsdm
[A ] 33. c:\windows\system32\netdde.exe
Microsoft Corporation
Network DDE - DDE Communication
.text,.data,.rsrc,

Netlogon
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

Netman
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 34. c:\windows\system32\netman.dll
Microsoft Corporation
Network Connections Manager
.text,.data,.rsrc,.reloc,

Nla
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 35. c:\windows\system32\mswsock.dll
Microsoft Corporation
Microsoft Windows Sockets 2.0 Service Provider
.text,SANONTCP,.data,.rsrc,.reloc,

NtFrs
[A ] 36. c:\windows\system32\ntfrs.exe
Microsoft Corporation
File Replication Service
.text,.data,.rsrc,

NtLmSsp
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

NtmsSvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 37. c:\windows\system32\ntmssvc.dll
Microsoft Corporation
Removable Storage Manager
.text,.data,.rsrc,.reloc,

PlugPlay
[AM] 19. c:\windows\system32\services.exe
Microsoft Corporation
Services and Controller app
.text,.data,.rsrc,

PolicyAgent
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

ProtectedStorage
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

RasAuto
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 38. c:\windows\system32\rasauto.dll
Microsoft Corporation
Remote Access AutoDial Manager
.text,.data,.rsrc,.reloc,

RasMan
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 39. c:\windows\system32\rasmans.dll
Microsoft Corporation
Remote Access Connection Manager
.text,.data,.rsrc,.reloc,

RDSessMgr
[A ] 40. c:\windows\system32\sessmgr.exe
Microsoft Corporation
Microsoft(R) Remote Desktop Help Session Manager
.text,.data,.rsrc,

RemoteAccess
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 41. c:\windows\system32\mprdim.dll
Microsoft Corporation
Dynamic Interface Manager
.text,.data,.rsrc,.reloc,

RemoteRegistry
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 42. c:\windows\system32\regsvc.dll
Microsoft Corporation
Remote Registry Service
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:21:00

[AM] 42. c:\windows\system32\regsvc.dll
Microsoft Corporation
Remote Registry Service
.text,.data,.rsrc,.reloc,

RpcLocator
[A ] 43. c:\windows\system32\locator.exe
Microsoft Corporation
Rpc Locator
.text,.data,.rsrc,

RpcSs
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 12. c:\windows\system32\rpcss.dll
Microsoft Corporation
Distributed COM Services
.text,.data,.rsrc,.reloc,

[AM] 12. c:\windows\system32\rpcss.dll
Microsoft Corporation
Distributed COM Services
.text,.data,.rsrc,.reloc,

RsCCenter
[A ] 44. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,

RSoPProv
[A ] 45. c:\windows\system32\rsopprov.exe
Microsoft Corporation
RSoP Service Application
.text,.data,.rsrc,

RsRavMon
[A ] 46. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,

sacsvr
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 47. c:\windows\system32\sacsvr.dll
Microsoft Corporation
Microsoft EMS SAC Service
.text,.data,.rsrc,.reloc,

SamSs
[AM] 21. c:\windows\system32\lsass.exe
Microsoft Corporation
LSA Shell
.text,.data,.rsrc,

SCardSvr
[A ] 48. c:\windows\system32\scardsvr.exe
Microsoft Corporation
Smart Card Resource Management Server
.text,.data,.rsrc,

Schedule
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 49. c:\windows\system32\schedsvc.dll
Microsoft Corporation
Task Scheduler Engine
.text,.data,.rsrc,.reloc,

seclogon
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 50. c:\windows\system32\seclogon.dll
Microsoft Corporation
Secondary Logon Service DLL
.text,.data,.rsrc,.reloc,

SENS
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 51. c:\windows\system32\sens.dll
Microsoft Corporation
System Event Notification Service (SENS)
.text,.data,.rsrc,.reloc,

SharedAccess
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 52. c:\windows\system32\ipnathlp.dll
Microsoft Corporation
Microsoft NAT Helper Components
.text,.data,.rsrc,.reloc,

ShellHWDetection
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 53. c:\windows\system32\shsvcs.dll
Microsoft Corporation
Windows Shell Services Dll
.text,.data,.rsrc,.reloc,

Spooler
[A ] 54. c:\windows\system32\spoolsv.exe
Microsoft Corporation
Spooler SubSystem App
.text,.data,.rsrc,

stisvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 55. c:\windows\system32\wiaservc.dll
Microsoft Corporation
Still Image Devices Service
.text,.data,.rsrc,.reloc,

swprv
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 56. c:\windows\system32\swprv.dll
Microsoft Corporation
Microsoft(R) Volume Shadow Copy Service software provider
.text,.data,.rsrc,.reloc,

[A ] 56. c:\windows\system32\swprv.dll
Microsoft Corporation
Microsoft(R) Volume Shadow Copy Service software provider
.text,.data,.rsrc,.reloc,

SysmonLog
[A ] 57. c:\windows\system32\smlogsvc.exe
Microsoft Corporation
Performance Logs and Alerts Service
.text,.data,.rsrc,

TapiSrv
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 58. c:\windows\system32\tapisrv.dll
Microsoft Corporation
Microsoft(R) Windows(TM) Telephony Server
.text,.data,.rsrc,.reloc,

[A ] 58. c:\windows\system32\tapisrv.dll
Microsoft Corporation
Microsoft(R) Windows(TM) Telephony Server
.text,.data,.rsrc,.reloc,

TermService
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 59. c:\windows\system32\termsrv.dll
Microsoft Corporation
Terminal Server Service
.text,.data,.rsrc,.reloc,

Themes
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 53. c:\windows\system32\shsvcs.dll
Microsoft Corporation
Windows Shell Services Dll
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:22:00

TrkSvr
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 60. c:\windows\system32\trksvr.dll
Microsoft Corporation
Distributed Link Tracking Server
.text,.data,.rsrc,.reloc,

TrkWks
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 61. c:\windows\system32\trkwks.dll
Microsoft Corporation
Distributed Link Tracking Client
.text,.data,.rsrc,.reloc,

Tssdis
[A ] 62. c:\windows\system32\tssdis.exe
Microsoft Corporation
Terminal Server Load Balancing Directory Integrity Service
.text,.data,.rsrc,

UMWdf
[A ] 63. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,

UPS
[A ] 64. c:\windows\system32\ups.exe
Microsoft Corporation
UPS Service
.text,.data,.rsrc,

vds
[A ] 65. c:\windows\system32\vds.exe
Microsoft Corporation
Virtual Disk Service
.text,.data,.rsrc,

VSS
[A ] 66. c:\windows\system32\vssvc.exe
Microsoft Corporation
Microsoft(R) Volume Shadow Copy Service
.text,.data,.rsrc,

W32Time
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 67. c:\windows\system32\w32time.dll
Microsoft Corporation
Windows Time Service
.text,.data,.rsrc,.reloc,

W3SVC
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 68. c:\windows\system32\inetsrv\iisw3adm.dll
Microsoft Corporation
IIS Web Admin Service
.text,.data,.rsrc,.reloc,

WebClient
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 69. c:\windows\system32\webclnt.dll
Microsoft Corporation
Web DAV Service DLL
.text,.data,.rsrc,.reloc,

[AM] 70. c:\windows\system32\davclnt.dll
Microsoft Corporation
Web DAV Client DLL
.text,.data,.rsrc,.reloc,

WinHttpAutoProxySvc
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

winmgmt
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 71. c:\windows\system32\wbem\wmisvc.dll
Microsoft Corporation
WMI
.text,.data,.rsrc,.reloc,

winvnc
[AM] 72. c:\server\raserver.exe
上海金俊坤计算机技术服务有限公司
上海金俊坤远程控制服务器端
,,,.rsrc,.data,.adata,

WmdmPmSN
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 73. c:\windows\system32\mspmsnsv.dll
Microsoft Corporation
Microsoft Media Device Service Provider
.text,.data,.rsrc,.reloc,

Wmi
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 74. c:\windows\system32\advapi32.dll
Microsoft Corporation
Advanced Windows 32 Base API
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:24:00

WmiApSrv
[A ] 75. c:\windows\system32\wbem\wmiapsrv.exe
Microsoft Corporation
WMI Performance Adapter Service
.text,.data,.rsrc,

wuauserv
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 76. c:\windows\system32\wuauserv.dll
Microsoft Corporation
Windows Update AutoUpdate Service
.text,.data,.rsrc,.reloc,

WZCSVC
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[AM] 77. c:\windows\system32\wzcsvc.dll
Microsoft Corporation
Wireless Zero Configuration Service
.text,.data,.rsrc,.reloc,

xmlprov
[AM] 1. c:\windows\system32\svchost.exe
Microsoft Corporation
Generic Host Process for Win32 Services
.text,.data,.rsrc,

[A ] 78. c:\windows\system32\xmlprov.dll
Microsoft Corporation
Network Provisioning Service
.text,.data,.rsrc,.reloc,

+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ACPI
[A ] 79. c:\windows\system32\drivers\acpi.sys
Microsoft Corporation
ACPI Driver for NT
.text,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,

ACPIEC
[A ] 80. c:\windows\system32\drivers\acpiec.sys
Microsoft Corporation
ACPI Embedded Controller Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

aec
[A ] 81. c:\windows\system32\drivers\aec.sys
Microsoft Corporation
Microsoft Acoustic Echo Canceller
.text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,

AFD
[A ] 82. c:\windows\system32\drivers\afd.sys
Microsoft Corporation
Ancillary Function Driver for WinSock
.text,.rdata,.data,PAGE,PAGEAFD,PAGESAN,INIT,.rsrc,.reloc,

AsyncMac
[A ] 83. c:\windows\system32\drivers\asyncmac.sys
Microsoft Corporation
MS Remote Access serial network driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

atapi
[A ] 84. c:\windows\system32\drivers\atapi.sys
Microsoft Corporation
IDE/ATAPI Port Driver
.text,NONPAGE,.rdata,.data,PAGESCAN,PAGE,INIT,.rsrc,.reloc,

Atmarpc
[A ] 85. c:\windows\system32\drivers\atmarpc.sys
Microsoft Corporation
IP/ATM Arp Client
.text,.rdata,.data,INIT,.rsrc,.reloc,

audstub
[A ] 86. c:\windows\system32\drivers\audstub.sys
Microsoft Corporation
AudStub Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

BaseTDI
[A ] 87. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,

cbidf2k
[A ] 88. c:\windows\system32\drivers\cbidf2k.sys
Microsoft Corporation
CardBus/PCMCIA IDE Miniport Driver
.text,.rdata,INIT,.rsrc,.reloc,

Cdrom
[A ] 89. c:\windows\system32\drivers\cdrom.sys
Microsoft Corporation
SCSI CD-ROM Driver
.text,.rdata,.data,PAGE,PAGEHIT2,PAGEHITA,PAGETOSH,PAGE,INIT,.rsrc,.reloc,

ClusDisk
[A ] 90. c:\windows\system32\drivers\clusdisk.sys
Microsoft Corporation
Cluster Disk Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

cmuda
[A ] 91. c:\windows\system32\drivers\cmuda.sys
C-Media Inc
C-Media Audio WDM Driver
.text,_LTEXT,_PTEXT,.data,_PDATA,_LDATA,.data1,PAGE,INIT,.rsrc,.reloc,

crcdisk
[A ] 92. c:\windows\system32\drivers\crcdisk.sys
Microsoft Corporation
Disk Block Verification Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Disk
[A ] 93. c:\windows\system32\drivers\disk.sys
Microsoft Corporation
PnP Disk Driver
.text,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,

dmboot
[A ] 94. c:\windows\system32\drivers\dmboot.sys
Microsoft Corporation
NT Disk Manager Startup Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

dmio
[A ] 95. c:\windows\system32\drivers\dmio.sys
Microsoft Corporation
NT Disk Manager I/O Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

dmload
[A ] 96. c:\windows\system32\drivers\dmload.sys
Microsoft Corporation
NT Disk Manager Startup Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

DMusic
[A ] 97. c:\windows\system32\drivers\dmusic.sys
Microsoft Corporation
Microsoft Kernel DLS Synthesizer
.text,.rdata,.data,INIT,.rsrc,.reloc,

drmkaud
[A ] 98. c:\windows\system32\drivers\drmkaud.sys
Microsoft Corporation
Microsoft Kernel DRM Audio Descrambler Filter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Fdc
[A ] 99. c:\windows\system32\drivers\fdc.sys
Microsoft Corporation
Floppy Disk Controller Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

FETNDIS
[A ] 100. c:\windows\system32\drivers\fetnd5.sys
VIA Technologies, Inc.
NDIS 5.0 miniport driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

Fips
[A ] 101. c:\windows\system32\drivers\fips.sys
Microsoft Corporation
FIPS Crypto Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Flpydisk
[A ] 102. c:\windows\system32\drivers\flpydisk.sys
Microsoft Corporation
Floppy Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

FsVga
[A ] 103. c:\windows\system32\drivers\fsvga.sys
Microsoft Corporation
Full Screen Video Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

Ftdisk
[A ] 104. c:\windows\system32\drivers\ftdisk.sys
Microsoft Corporation
FT Disk Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,

Gpc
[A ] 105. c:\windows\system32\drivers\msgpc.sys
Microsoft Corporation
MS General Packet Classifier
.text,.rdata,.data,INIT,.rsrc,.reloc,

HookReg
[A ] 106. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,

HookSys
[A ] 107. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,

HTTP
[A ] 108. c:\windows\system32\drivers\http.sys
Microsoft Corporation
HTTP Protocol Stack
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

i8042prt
[A ] 109. c:\windows\system32\drivers\i8042prt.sys
Microsoft Corporation
i8042 Port Driver
.text,.rdata,.data,PAGE,PAGEMOUC,INIT,.rsrc,.reloc,

ialm
[A ] 110. c:\windows\system32\drivers\ialmnt5.sys
Intel Corporation
Intel Graphics Miniport Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

yessky - 2007-8-2 17:25:00

IntelIde
[A ] 111. c:\windows\system32\drivers\intelide.sys
Microsoft Corporation
Intel PCI IDE Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

intelppm
[A ] 112. c:\windows\system32\drivers\intelppm.sys
Microsoft Corporation
Processor Device Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,

Ip6Fw
[A ] 113. c:\windows\system32\drivers\ip6fw.sys
Microsoft Corporation
IPv6 Windows Firewall Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

IpFilterDriver
[A ] 114. c:\windows\system32\drivers\ipfltdrv.sys
Microsoft Corporation
IP FILTER DRIVER
.text,.rdata,.data,PAGED,PAGE,INIT,.rsrc,.reloc,

IpInIp
[A ] 115. c:\windows\system32\drivers\ipinip.sys

IpNat
[A ] 116. c:\windows\system32\drivers\ipnat.sys
Microsoft Corporation
IP Network Address Translator
.text,.rdata,.data,PAGE,PAGER32C,INIT,.rsrc,.reloc,

IPSec
[A ] 117. c:\windows\system32\drivers\ipsec.sys
Microsoft Corporation
IPSec Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

isapnp
[A ] 118. c:\windows\system32\drivers\isapnp.sys
Microsoft Corporation
PNP ISA Bus Driver
.text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,

Kbdclass
[A ] 119. c:\windows\system32\drivers\kbdclass.sys
Microsoft Corporation
Keyboard Class Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

kmixer
[A ] 120. c:\windows\system32\drivers\kmixer.sys
Microsoft Corporation
Kernel Mode Audio Mixer
.text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,

KSecDD
[A ] 121. c:\windows\system32\drivers\ksecdd.sys
Microsoft Corporation
Kernel Security Support Provider Interface
.text,.rdata,.data,PAGE,PAGEMSG,.edata,INIT,.rsrc,.reloc,

MEMSCAN
[A ] 122. c:\program files\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

Modem
[A ] 123. c:\windows\system32\drivers\modem.sys
Microsoft Corporation
Modem Device Driver
.text,.rdata,.data,PAGE,PAGEUMDM,INIT,.rsrc,.reloc,

Mouclass
[A ] 124. c:\windows\system32\drivers\mouclass.sys
Microsoft Corporation
Mouse Class Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

MountMgr
[A ] 125. c:\windows\system32\drivers\mountmgr.sys
Microsoft Corporation
Mount Point Manager
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

MSKSSRV
[A ] 126. c:\windows\system32\drivers\mskssrv.sys
Microsoft Corporation
MS KS Server
.text,.data,PAGE,INIT,.rsrc,.reloc,

MSPCLOCK
[A ] 127. c:\windows\system32\drivers\mspclock.sys
Microsoft Corporation
MS Proxy Clock
.text,.data,PAGE,INIT,.rsrc,.reloc,

MSPQM
[A ] 128. c:\windows\system32\drivers\mspqm.sys
Microsoft Corporation
MS Proxy Quality Manager
.data,PAGE,INIT,.rsrc,.reloc,

mssmbios
[A ] 129. c:\windows\system32\drivers\mssmbios.sys
Microsoft Corporation
System Management BIOS Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

NDIS
[A ] 130. c:\windows\system32\drivers\ndis.sys
Microsoft Corporation
NDIS 5.1 wrapper driver
.text,.rdata,.data,PAGENPNP,PAGENDSP,PAGENDSM,PAGENDCO,PAGENDSF,PAGENDSE,PAGENDST,PAGENDSA,.edata,PAGE,INIT,.rsrc,.reloc,

NdisTapi
[A ] 131. c:\windows\system32\drivers\ndistapi.sys
Microsoft Corporation
NDIS 3.0 connection wrapper driver
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,

Ndisuio
[A ] 132. c:\windows\system32\drivers\ndisuio.sys
Microsoft Corporation
NDIS User mode I/O Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

NdisWan
[A ] 133. c:\windows\system32\drivers\ndiswan.sys
Microsoft Corporation
MS PPP Framing Driver (Strong Encryption)
.text,.rdata,.data,INIT,.rsrc,.reloc,

NDProxy
[A ] 134. c:\windows\system32\drivers\ndproxy.sys
Microsoft Corporation
NDIS Proxy
.text,.rdata,.data,INIT,.rsrc,.reloc,

NetBT
[A ] 135. c:\windows\system32\drivers\netbt.sys
Microsoft Corporation
MBT Transport driver
.text,.rdata,.data,PAGE,PAGENBT,INIT,.rsrc,.reloc,

Null
[A ] 136. c:\windows\system32\drivers\null.sys
Microsoft Corporation
NULL Driver
.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Parport
[A ] 137. c:\windows\system32\drivers\parport.sys
Microsoft Corporation
Parallel Port Driver
.text,.rdata,.data,PAGEPARW,INIT,.rsrc,.reloc,

PartMgr
[A ] 138. c:\windows\system32\drivers\partmgr.sys
Microsoft Corporation
Partition Manager
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Parvdm
[A ] 139. c:\windows\system32\drivers\parvdm.sys
Microsoft Corporation
VDM Parallel Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

PCI
[A ] 140. c:\windows\system32\drivers\pci.sys
Microsoft Corporation
NT Plug and Play PCI Enumerator
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

PCIIde
[A ] 141. c:\windows\system32\drivers\pciide.sys
Microsoft Corporation
Generic PCI IDE Bus Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

Pcmcia
[A ] 142. c:\windows\system32\drivers\pcmcia.sys
Microsoft Corporation
PCMCIA Bus Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

PptpMiniport
[A ] 143. c:\windows\system32\drivers\raspptp.sys
Microsoft Corporation
Peer-to-Peer Tunneling Protocol
.text,.rdata,.data,INIT,.rsrc,.reloc,

Ptilink
[A ] 144. c:\windows\system32\drivers\ptilink.sys
Parallel Technologies, Inc.
Parallel Technologies DirectParallel IO Library
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,

RasAcd
[A ] 145. c:\windows\system32\drivers\rasacd.sys
Microsoft Corporation
RAS Automatic Connection Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Rasl2tp
[A ] 146. c:\windows\system32\drivers\rasl2tp.sys
Microsoft Corporation
RAS L2TP mini-port/call-manager driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

RasPppoe
[A ] 147. c:\windows\system32\drivers\raspppoe.sys
Microsoft Corporation
RAS PPPoE mini-port/call-manager driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

Raspti
[A ] 148. c:\windows\system32\drivers\raspti.sys
Microsoft Corporation
PTI DirectParallel(R) mini-port/call-manager driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

RDPCDD
[A ] 149. c:\windows\system32\drivers\rdpcdd.sys
Microsoft Corporation
RDP Miniport
.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,

rdpdr
[A ] 150. c:\windows\system32\drivers\rdpdr.sys
Microsoft Corporation
Microsoft RDP Device redirector
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

yessky - 2007-8-2 17:27:00

RDPWD
[A ] 151. c:\windows\system32\drivers\rdpwd.sys
Microsoft Corporation
RDP Terminal Stack Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

RsAntiSpyware
[A ] 152. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

RsNTGDI
[A ] 153. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,

RSPPSYS
[A ] 154. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,

Secdrv
[A ] 155. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,pnidata,

serenum
[A ] 156. c:\windows\system32\drivers\serenum.sys
Microsoft Corporation
Serial Port Enumerator
.text,.rdata,.data,PAGE,PAGESENM,INIT,.rsrc,.reloc,

Serial
[A ] 157. c:\windows\system32\drivers\serial.sys
Microsoft Corporation
Serial Device Driver
.text,.rdata,.data,PAGESRP0,PAGESER,INIT,.rsrc,.reloc,

Sfloppy
[A ] 158. c:\windows\system32\drivers\sfloppy.sys
Microsoft Corporation
SCSI Floppy Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

splitter
[A ] 159. c:\windows\system32\drivers\splitter.sys
Microsoft Corporation
Microsoft Kernel Audio Splitter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

swenum
[A ] 160. c:\windows\system32\drivers\swenum.sys
Microsoft Corporation
Plug and Play Software Device Enumerator
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

swmidi
[A ] 161. c:\windows\system32\drivers\swmidi.sys
Microsoft Corporation
Microsoft GS Wavetable Synthesizer
.text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,

sysaudio
[A ] 162. c:\windows\system32\drivers\sysaudio.sys
Microsoft Corporation
System Audio WDM Filter
.text,.rdata,.data,PAGE,PAGEDATA,INIT,.rsrc,.reloc,

Tcpip
[A ] 163. c:\windows\system32\drivers\tcpip.sys
Microsoft Corporation
TCP/IP Protocol Driver
.text,.rdata,.data,PAGE,PAGELK,PAGEIPMc,.edata,INIT,.rsrc,.reloc,

TDPIPE
[A ] 164. c:\windows\system32\drivers\tdpipe.sys
Microsoft Corporation
Named Pipe Transport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

TDTCP
[A ] 165. c:\windows\system32\drivers\tdtcp.sys
Microsoft Corporation
TCP Transport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

TermDD
[A ] 166. c:\windows\system32\drivers\termdd.sys
Microsoft Corporation
Terminal Server Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,

Update
[A ] 167. c:\windows\system32\drivers\update.sys
Microsoft Corporation
Update Driver
.text,.rdata,.data,PAGE,PAGECONS,PAGELK,INIT,.rsrc,.reloc,

usbehci
[A ] 168. c:\windows\system32\drivers\usbehci.sys
Microsoft Corporation
EHCI eUSB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

usbhub
[A ] 169. c:\windows\system32\drivers\usbhub.sys
Microsoft Corporation
Default Hub Driver for USB
.text,.rdata,.data,PAGE,PAGECONS,INIT,.rsrc,.reloc,

usbuhci
[A ] 170. c:\windows\system32\drivers\usbuhci.sys
Microsoft Corporation
UHCI USB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

vga
[A ] 171. c:\windows\system32\drivers\vgapnp.sys
Microsoft Corporation
VGA/Super VGA Video Driver
.text,.rdata,.data,PAGE,PAGE_DAT,INIT,.rsrc,.reloc,

VgaSave
[A ] 172. c:\windows\system32\drivers\vga.sys
Microsoft Corporation
VGA/Super VGA Video Driver
.text,.rdata,.data,PAGE,PAGE_DAT,INIT,.rsrc,.reloc,

vmmouse
[A ] 173. c:\windows\system32\drivers\vmmouse.sys
VMware, Inc.
VMware Pointing Device Driver
.text,.rdata,PAGE,INIT,.rsrc,.reloc,

VolSnap
[A ] 174. c:\windows\system32\drivers\volsnap.sys
Microsoft Corporation
Volume Shadow Copy Driver
.text,.rdata,.data,PAGELK,INIT,.rsrc,.reloc,

Wanarp
[A ] 175. c:\windows\system32\drivers\wanarp.sys
Microsoft Corporation
MS Remote Access and Routing ARP Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

wdmaud
[A ] 176. c:\windows\system32\drivers\wdmaud.sys
Microsoft Corporation
MMSYSTEM Wave/Midi API mapper
.text,.rdata,.data,PAGE,PAGEDATA,PAGECONS,INIT,.rsrc,.reloc,

WLBS
[A ] 177. c:\windows\system32\drivers\wlbs.sys
Microsoft Corporation
Network Load Balancing Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
Cdfs
[A ] 178. c:\windows\system32\drivers\cdfs.sys
Microsoft Corporation
CD-ROM File System Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

DfsDriver
[A ] 179. c:\windows\system32\drivers\dfs.sys
Microsoft Corporation
Distributed File System Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Fastfat
[A ] 180. c:\windows\system32\drivers\fastfat.sys
Microsoft Corporation
Fast FAT File System Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

FltMgr
[A ] 181. c:\windows\system32\drivers\fltmgr.sys
Microsoft Corporation
Microsoft Filesystem Filter Manager
.text,.rdata,.data,PAGE,PAGEVRF2,.edata,PAGEDDAT,INIT,.rsrc,.reloc,

MRxDAV
[A ] 182. c:\windows\system32\drivers\mrxdav.sys
Microsoft Corporation
Windows NT WebDav Minirdr
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

MRxSmb
[A ] 183. c:\windows\system32\drivers\mrxsmb.sys
Microsoft Corporation
Windows NT SMB Minirdr
.text,SECUR,.rdata,.data,PAGE,PAGE5NET,PAGE,INIT,.rsrc,.reloc,

Msfs
[A ] 184. c:\windows\system32\drivers\msfs.sys
Microsoft Corporation
Mailslot driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Mup
[A ] 185. c:\windows\system32\drivers\mup.sys
Microsoft Corporation
Multiple UNC Provider driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

NetBIOS
[A ] 186. c:\windows\system32\drivers\netbios.sys
Microsoft Corporation
NetBIOS interface driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Npfs
[A ] 187. c:\windows\system32\drivers\npfs.sys
Microsoft Corporation
NPFS Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Ntfs
[A ] 188. c:\windows\system32\drivers\ntfs.sys
Microsoft Corporation
NT File System Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Rdbss
[A ] 189. c:\windows\system32\drivers\rdbss.sys
Microsoft Corporation
Redirected Drive Buffering SubSystem Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,

Srv
[A ] 190. c:\windows\system32\drivers\srv.sys
Microsoft Corporation
Server driver
.text,.rdata,.data,PAGE,PAGE8FIL,INIT,.rsrc,.reloc,

Udfs
[A ] 191. c:\windows\system32\drivers\udfs.sys
Microsoft Corporation
UDF File System Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UIHost
[A ] 192. c:\windows\system32\logonui.exe
Microsoft Corporation
Windows Logon UI
.text,.data,.rsrc,

yessky - 2007-8-2 17:31:00

+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain
[AM] 193. c:\windows\system32\crypt32.dll
Microsoft Corporation
Crypto API32
.text,.data,.rsrc,.reloc,

cryptnet
[A ] 194. c:\windows\system32\cryptnet.dll
Microsoft Corporation
Crypto Network Related API
.text,.data,.rsrc,.reloc,

cscdll
[AM] 195. c:\windows\system32\cscdll.dll
Microsoft Corporation
Offline Network Agent
.text,PAGE,.data,.rsrc,.reloc,

dimsntfy
[AM] 196. c:\windows\system32\dimsntfy.dll
Microsoft Corporation
DIMS Notification Handler
.text,.data,.rsrc,.reloc,

igfxcui
[A ] 197. c:\windows\system32\igfxdev.dll
Intel Corporation
igfxdev Module
.text,.rdata,.data,.rsrc,.reloc,

ScCertProp
[AM] 198. c:\windows\system32\wlnotify.dll
Microsoft Corporation
Common DLL to receive Winlogon notifications
.text,.data,.rsrc,.reloc,

Schedule
[AM] 198. c:\windows\system32\wlnotify.dll
Microsoft Corporation
Common DLL to receive Winlogon notifications
.text,.data,.rsrc,.reloc,

sclgntfy
[A ] 199. c:\windows\system32\sclgntfy.dll
Microsoft Corporation
Secondary Logon Service Notification DLL
.text,.data,.rsrc,.reloc,

SensLogn
[AM] 198. c:\windows\system32\wlnotify.dll
Microsoft Corporation
Common DLL to receive Winlogon notifications
.text,.data,.rsrc,.reloc,

termsrv
[AM] 198. c:\windows\system32\wlnotify.dll
Microsoft Corporation
Common DLL to receive Winlogon notifications
.text,.data,.rsrc,.reloc,

wlballoon
[AM] 198. c:\windows\system32\wlnotify.dll
Microsoft Corporation
Common DLL to receive Winlogon notifications
.text,.data,.rsrc,.reloc,

+ IE浏览器加载模块
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[A ] 201. c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,

{889D2FEB-5411-4565-8998-1DD2C5261283}
[A ] 202. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 203. c:\program files\thunder network\thunder\thunder.exe
Thunder Networking Technologies,LTD
.text,.rdata,.data,.rsrc,

+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{4D5C8C25-D075-11d0-B416-00C04FB90376}
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
Class Install Handler
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

deflate
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

gzip
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

lzdhtml
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

text/webviewhtml
[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
about
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

cdl
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

file
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

ftp
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

gopher
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

http
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

https
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

its
[A ] 207. c:\windows\system32\itss.dll
Microsoft Corporation
Microsoft? InfoTech Storage System Library
.text,.data,.rsrc,.reloc,

javascript
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

local
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

mailto
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

mk
[AM] 204. c:\windows\system32\urlmon.dll
Microsoft Corporation
OLE32 Extensions for Win32
.text,.orpc,.data,.rsrc,.reloc,

ms-its
[A ] 207. c:\windows\system32\itss.dll
Microsoft Corporation
Microsoft? InfoTech Storage System Library
.text,.data,.rsrc,.reloc,

res
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

sysimage
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:32:00

vbscript
[AM] 206. c:\windows\system32\mshtml.dll
Microsoft Corporation
Microsoft (R) HTML Viewer
.text,.data,.rsrc,.reloc,

wia
[A ] 208. c:\windows\system32\wiascr.dll
Microsoft Corporation
WIA Scripting Layer
.text,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
[A ] 209. c:\windows\inf\unregmp2.exe
Microsoft Corporation
Microsoft Windows Media Player 安装实用程序
.text,.data,.rsrc,

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
[AM] 210. c:\windows\system32\rundll32.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
[A ] 211. c:\windows\system32\regsvr32.exe
Microsoft Corporation
Microsoft(C) Register Server
.text,.data,.rsrc,

[AM] 212. c:\windows\system32\themeui.dll
Microsoft Corporation
Windows Theme API
.text,.data,.rsrc,.reloc,

{6BF52A52-394A-11d3-B153-00C04F79FAA6}
[AM] 210. c:\windows\system32\rundll32.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,

{89820200-ECBD-11cf-8B85-00AA005B4340}
[A ] 211. c:\windows\system32\regsvr32.exe
Microsoft Corporation
Microsoft(C) Register Server
.text,.data,.rsrc,

[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

{89820200-ECBD-11cf-8B85-00AA005B4383}
[A ] 213. c:\windows\system32\ie4uinit.exe
Microsoft Corporation
IE 5.0 Per-User Install Utility
.text,.data,.rsrc,

{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
[AM] 210. c:\windows\system32\rundll32.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,

{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
[AM] 210. c:\windows\system32\rundll32.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,

+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

{24F14F01-7B1C-11d1-838f-0000F80461CF}
[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

{24F14F02-7B1C-11d1-838f-0000F80461CF}
[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

{66742402-F9B9-11D1-A202-0000F81FEDEE}
[AM] 205. c:\windows\system32\shell32.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Multimedia File Property Sheet
[A ] 214. c:\windows\system32\mmsys.cpl
Microsoft Corporation
Control Panel Drivers Applet
.text,.data,.rsrc,.reloc,

ICM 扫描仪管理
[A ] 215. c:\windows\system32\icmui.dll
Microsoft Corporation
Microsoft Color Matching System User Interface DLL
.text,.data,.rsrc,.reloc,

NTFS Security Page
[A ] 216. c:\windows\system32\rshx32.dll
Microsoft Corporation
Security Shell Extension
.text,.data,.rsrc,.reloc,

OLE Docfile Property Page
[A ] 217. c:\windows\system32\docprop.dll
Microsoft Corporation
OLE DocFile Property Page
.text,.data,.rsrc,.reloc,

Shell extensions for sharing
[AM] 218. c:\windows\system32\ntshrui.dll
Microsoft Corporation
Shell extensions for sharing
.text,.data,.rsrc,.reloc,

PlusPack CPL Extension
[AM] 212. c:\windows\system32\themeui.dll
Microsoft Corporation
Windows Theme API
.text,.data,.rsrc,.reloc,

Display Adapter CPL Extension
[A ] 219. c:\windows\system32\deskadp.dll
Microsoft Corporation
Advanced display adapter properties
.text,.data,.rsrc,.reloc,

Display Monitor CPL Extension
[A ] 220. c:\windows\system32\deskmon.dll
Microsoft Corporation
Advanced display monitor properties
.text,.data,.rsrc,.reloc,

DS Security Page
[A ] 221. c:\windows\system32\dssec.dll
Microsoft Corporation
Directory Service Security UI
.text,.data,.rsrc,.reloc,

Compatibility Page
[A ] 222. c:\windows\system32\slayerxp.dll
Microsoft Corporation
Compatibility Tab Shell Extension DLL
.text,.data,.rsrc,.reloc,

Shell Scrap DataHandler
[A ] 223. c:\windows\system32\shscrap.dll
Microsoft Corporation
Shell scrap object handler
.text,.data,.rsrc,.reloc,

Disk Copy Extension
[A ] 224. c:\windows\system32\diskcopy.dll
Microsoft Corporation
Windows DiskCopy
.text,.data,.rsrc,.reloc,

Shell extensions for Microsoft Windows Network objects
[A ] 225. c:\windows\system32\ntlanui2.dll
Microsoft Corporation
Network object shell UI
.text,.data,.rsrc,.reloc,

ICM 监视器管理
[A ] 215. c:\windows\system32\icmui.dll
Microsoft Corporation
Microsoft Color Matching System User Interface DLL
.text,.data,.rsrc,.reloc,

ICM 打印机管理
[A ] 215. c:\windows\system32\icmui.dll
Microsoft Corporation
Microsoft Color Matching System User Interface DLL
.text,.data,.rsrc,.reloc,

Web Printer Shell Extension
[A ] 226. c:\windows\system32\printui.dll
Microsoft Corporation
Print UI DLL
.text,.data,.rsrc,.reloc,

Disk Quota UI
[A ] 227. c:\windows\system32\dskquoui.dll
Microsoft Corporation
Windows Shell Disk Quota UI DLL
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:33:00

字体
[A ] 228. c:\windows\system32\fontext.dll
Microsoft Corporation
Windows Font Folder
.text,.data,.rsrc,.reloc,

ICC 配置文件
[A ] 215. c:\windows\system32\icmui.dll
Microsoft Corporation
Microsoft Color Matching System User Interface DLL
.text,.data,.rsrc,.reloc,

Printers Security Page
[A ] 216. c:\windows\system32\rshx32.dll
Microsoft Corporation
Security Shell Extension
.text,.data,.rsrc,.reloc,

Shell extensions for sharing
[AM] 218. c:\windows\system32\ntshrui.dll
Microsoft Corporation
Shell extensions for sharing
.text,.data,.rsrc,.reloc,

Display TroubleShoot CPL Extension
[A ] 229. c:\windows\system32\deskperf.dll
Microsoft Corporation
Advanced display performance properties
.text,.data,.rsrc,.reloc,

Crypto PKO Extension
[A ] 230. c:\windows\system32\cryptext.dll
Microsoft Corporation
Crypto Shell Extensions
.text,.data,.rsrc,.reloc,

Crypto Sign Extension
[A ] 230. c:\windows\system32\cryptext.dll
Microsoft Corporation
Crypto Shell Extensions
.text,.data,.rsrc,.reloc,

网络连接
[AM] 231. c:\windows\system32\netshell.dll
Microsoft Corporation
Network Connections Shell
.text,.orpc,.data,.rsrc,.reloc,

网络连接
[AM] 231. c:\windows\system32\netshell.dll
Microsoft Corporation
Network Connections Shell
.text,.orpc,.data,.rsrc,.reloc,

扫描仪和照相机
[A ] 232. c:\windows\system32\wiashext.dll
Microsoft Corporation
Imaging Devices Shell Folder UI
.text,.data,.rsrc,.reloc,

扫描仪和照相机
[A ] 232. c:\windows\system32\wiashext.dll
Microsoft Corporation
Imaging Devices Shell Folder UI
.text,.data,.rsrc,.reloc,

扫描仪和照相机
[A ] 232. c:\windows\system32\wiashext.dll
Microsoft Corporation
Imaging Devices Shell Folder UI
.text,.data,.rsrc,.reloc,

扫描仪和照相机
[A ] 232. c:\windows\system32\wiashext.dll
Microsoft Corporation
Imaging Devices Shell Folder UI
.text,.data,.rsrc,.reloc,

扫描仪和照相机
[A ] 232. c:\windows\system32\wiashext.dll
Microsoft Corporation
Imaging Devices Shell Folder UI
.text,.data,.rsrc,.reloc,

Remote Sessions CPL Extension
[A ] 233. c:\windows\system32\remotepg.dll
Microsoft Corporation
Remote Sessions CPL Extension
.text,.data,.rsrc,.reloc,

IIS Shell Extension
[A ] 234. c:\windows\system32\inetsrv\w3ext.dll
Microsoft Corporation
IIS W3ext Module
.text,.data,.rsrc,.reloc,

Windows Script Host 的外壳扩展
[A ] 235. c:\windows\system32\wshext.dll
Microsoft Corporation
Microsoft (r) Shell Extension for Windows Script Host
.text,.data,.rsrc,.reloc,

Microsoft 数据链接
[AM] 236. c:\program files\common files\system\ole db\oledb32.dll
Microsoft Corporation
Microsoft Data Access - OLE DB Core Services
.text,.data,.sdbid,.rsrc,.reloc,

Tasks Folder Icon Handler
[A ] 237. c:\windows\system32\mstask.dll
Microsoft Corporation
Task Scheduler interface DLL
.text,.data,.rsrc,.reloc,

Tasks Folder Shell Extension
[A ] 237. c:\windows\system32\mstask.dll
Microsoft Corporation
Task Scheduler interface DLL
.text,.data,.rsrc,.reloc,

任务计划
[A ] 237. c:\windows\system32\mstask.dll
Microsoft Corporation
Task Scheduler interface DLL
.text,.data,.rsrc,.reloc,

Set Program Access and Defaults
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

Auto Update Property Sheet Extension
[A ] 238. c:\windows\system32\wuaucpl.cpl
Microsoft Corporation
Automatic Updates Control Panel
.text,.data,.rsrc,.reloc,

搜索
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

帮助和支持
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

帮助和支持
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

运行...
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

Internet
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

电子邮件
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

字体
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

管理工具
[AM] 200. c:\windows\system32\shdocvw.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.data,.rsrc,.reloc,

Microsoft Internet 工具栏
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

下载状态
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

补充的外壳文件夹
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

补充的外壳文件夹 2
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

BandProxy
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Microsoft BrowserBand
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

搜索区
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

窗格中的搜索
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Web 搜索
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

注册数目路选项实用程序
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

地址(&A)
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

地址 EditBox
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Microsoft AutoComplete
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

TridentImageExtractor
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

MRU 自动完成列表
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

自定义 MRU 自动完成列表
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

可访问的
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

跟踪弹出栏
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Microsoft 历史自动完成列表
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Microsoft 外壳文件夹自动完成列表
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Microsoft 多个自动完成列表容器
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

Shell Band Site Menu
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

外壳 DeskBarApp
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

yessky - 2007-8-2 17:37:00

外壳 DeskBar
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

外壳 Rebar BandSite
[AM] 239. c:\windows\system32\browseui.dll
Microsoft Corporation
Shell Browser UI Library
.text,.data,.rsrc,.reloc,

outlook1 - 2007-8-2 18:06:00

没有什么大问题

Enao2005 - 2007-8-2 19:34:00

没看出什么

瑞星卡卡安全论坛