Rising Kaka Security Forum

A weird prompt box that won't die: "Microsoft Internet Explorer", possibly related to a Baidu ("度娘") plugin
huweinan - 2011-4-20 9:30:00
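A malicious IE dialog box pops up: "确实要离开该页面吗? 刷新后之前游戏中的操作会丢失, 点击取消,注册可保存游戏操作!" ("Are you sure you want to leave this page? After refreshing, your previous in-game actions will be lost. Click Cancel and register to save your game actions!")
If the user clicks the [X], the prompt box pops up again a minute later; clicking "Cancel" twice stops it from popping up for 3 hours, and clicking "OK" once stops it for 4 hours. :kaka6:
The prompt box pops up frequently, and it pops up even when no IE browser is open~
I checked Rising's monitoring and the Task Manager processes and found no suspicious processes either.
Below are the suspicious records from the Event Viewer:
(This PC of mine is a work machine. I have only installed Baidu's music plugin, and occasionally a small game ad window pops up as well, with a URL pointing to one of Baidu's small web games.)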
==================================================
事件类型:        错误
事件来源:        SideBySide
事件种类:        无
事件 ID:        58
日期:                2011-4-20
事件:                9:06:31
用户:                N/A
计算机:        MARK
描述:
在清单文件或策略文件 "D:\飞速Tudou\Microsoft.VC80.MFC.MANIFEST" 的第 4 行出现语法错误。

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

===================================================
事件类型:        错误
事件来源:        SideBySide
事件种类:        无
事件 ID:        34
日期:                2011-4-20
事件:                9:05:46
用户:                N/A
计算机:        MARK
描述:
在清单里发现的组件的标识与被申请的组件的标识不匹配

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

===================================================

事件类型:        错误
事件来源:        SideBySide
事件种类:        无
事件 ID:        59
日期:                2011-4-20
事件:                9:05:46
用户:                N/A
计算机:        MARK
描述:
Generate Activation Context 为 D:\飞速Tudou\tudouDetector.dll 失败。 参考错误消息: 操作成功完成。
.

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

===================================================
事件类型:        信息
事件来源:        Service Control Manager
事件种类:        无
事件 ID:        7036
日期:                2011-4-20
事件:                8:58:51
用户:                N/A
计算机:        MARK
描述:
Performance Logs and Alerts 服务处于 停止 状态。

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

===================================================

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CIBA)
huweinan - 2011-4-20 9:31:00
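Unfortunately I can't post images on the forum, so I'll paste a Baidu Zhidao URL instead.
That Baidu user ran into the same problem as I did, and there are pictures to prove it.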
http://zhidao.baidu.com/question/254337593.html
networkedition - 2011-4-20 9:56:00
Download the SREng tool, run a scan, and send me the log.
http://www.kztechs.com/sreng/download.html
networkedition - 2011-4-20 10:08:00
For how to post images, see this thread: http://bbs.ikaka.com/showtopic-8616820.aspx
huweinan - 2011-4-20 16:28:00


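Quote:
Originally posted by huweinan at 2011-4-20 9:31:00
Unfortunately I can't post images on the forum, so I'll paste a Baidu Zhidao URL instead.
That Baidu user ran into the same problem as I did, and there are pictures to prove it.
http://zhidao.baidu.com/question/254337593.html


After I started the smart scan, it hung at "Windows security update check" for 30 minutes with no response, so I could not submit a log.


Also, attached is a screenshot of the problem this thread is about: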
networkedition - 2011-4-20 16:31:00
Deselect the Windows security update check and scan the log again, ideally while the popup is on screen.
huweinan - 2011-4-20 16:40:00


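Quote:
Originally posted by networkedition at 2011-4-20 16:31:00
Deselect the Windows security update check and scan the log again, ideally while the popup is on screen.


I chose to skip the "Windows security update check"; the scan result is below, please take a look.

Also, the following prompt appeared during the scan of the startup items:  I'll post tonight's antivirus log later.

The generated suspicious-files package, SuspiciousFiles, is about 22 MB. Can it be uploaded?
Can still upload today: 9.26 MB.. *sweat*, I'll look at it again tomorrow.


I'll try to scan while the problem is occurring and send it to you as soon as I can, thanks!

Attachment: SREngLOG.诡异的提示框.log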
networkedition - 2011-4-20 16:48:00
e:\mib界面\fbi-\fbi.exe: did you install that "mib界面" (MIB interface) yourself?
huweinan - 2011-4-21 11:53:00


Quote:
Originally posted by networkedition at 2011-4-20 16:48:00
e:\mib界面\fbi-\fbi.exe: did you install that "mib界面" (MIB interface) yourself?


Attachment: SREngLOG诡异的提示框21号.log
networkedition - 2011-4-21 13:07:00
The only anomaly in the log is here: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><E:\MIB界面\FBI-\fbi.exe>  [by Pedro Ruiz-Garcia]
I didn't see anything in the rest.
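The check made in the reply above, as an added example that is not part of the original post or of SREng itself: a small Python audit that reads registry entries in the `<Name><Data>  [note]` layout quoted there and reports Winlogon values that do not point at the stock Windows XP program. The default values, the `C:\WINDOWS` system root and every sample line other than the quoted `UIHost` entry are assumptions constructed for the example.

```python
import re

# Winlogon values that name programs started at logon, with their Windows XP
# defaults (assumption from general Windows knowledge, not from the thread).
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
XP_DEFAULTS = {
    "uihost": {"logonui.exe"},
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe"},
}

SECTION_RE = re.compile(r"^\s*\[(HKEY_[^\]]+)\]\s*$", re.IGNORECASE)
# Entry layout as quoted in the post: <ValueName><Data>  [signer note]
ENTRY_RE = re.compile(r"^\s*<([^<>]+)><([^<>]*)>\s*(?:\[([^\]]*)\])?\s*$")


def is_default(name, data, system_root=r"c:\windows"):
    """True if every comma-separated program in `data` is the stock binary,
    given either as a bare file name or under the system root / system32."""
    allowed_names = XP_DEFAULTS[name]
    allowed_dirs = {system_root, system_root + r"\system32"}
    items = [v.strip().strip('"').lower() for v in data.split(",") if v.strip()]
    for item in items:
        directory, _, leaf = item.rpartition("\\")
        if leaf not in allowed_names:
            return False          # a different program is registered
        if directory and directory not in allowed_dirs:
            return False          # right name, but loaded from an odd place
    return bool(items)            # an empty value is not the default either


def audit_winlogon(log_text):
    """Return (name, data, note) for each non-default Winlogon entry."""
    findings = []
    section = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if not m or section != WINLOGON_KEY:
            continue              # only the Winlogon key is audited here
        name, data, note = m.group(1), m.group(2), m.group(3) or ""
        if name.lower() in XP_DEFAULTS and not is_default(name.lower(), data):
            findings.append((name, data, note))
    return findings


# Constructed sample log; only the UIHost line is taken from the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
    <UIHost><E:\MIB界面\FBI-\fbi.exe>  [by Pedro Ruiz-Garcia]
"""

if __name__ == "__main__":
    for name, data, note in audit_winlogon(SAMPLE_LOG):
        print(f"non-default Winlogon value: {name} = {data}  [{note}]")
```

A finding means the value was changed, not that the file is malicious; the third-party logon screen in this thread is flagged in the same way a hijacked `Userinit` would be.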
一梦睡千年 - 2011-4-23 16:54:00
Learning.
huweinan - 2011-4-25 9:56:00
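To find out which program's plugin is causing this, I ran an experiment.
I took 2 fresh machines and installed TTPlayer (千千静听) on one and Baidu Hi on the other. The result: TTPlayer popped up the [pictured] window, and Baidu Hi popped up a window luring the user to register for a web game.
Conclusion: this window started appearing after TTPlayer was upgraded to the new version.
Once the admin replies, this problem is solved. :kaka1: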
huweinan - 2011-4-26 13:05:00
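[26th of this month] SREngLOG weird prompt box: system scan report [with image]
I have already restored the MIB system logon we talked about last time. I deliberately scanned while the prompt box was on screen and am now submitting the latest report; please take a look.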
huweinan - 2011-4-26 13:06:00


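Quote:
Originally posted by huweinan at 2011-4-26 13:05:00
[26th of this month] SREngLOG weird prompt box: system scan report [with image]
I have already restored the MIB system logon we talked about last time. I deliberately scanned while the prompt box was on screen and am now submitting the latest report; please take a look.


Attachment: SREngLOG诡异的提示框26号.log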
huweinan - 2011-4-26 13:11:00
未知家族病毒分析
扫描结果:
无可疑文件

huweinan - 2011-4-26 13:11:00
networkedition - 2011-4-26 13:17:00
OP, send me your QQ number by forum private message and I'll take a look remotely.
huweinan - 2011-4-26 13:35:00
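Sorry, the work machine doesn't have QQ installed, and the ports are all blocked.

Tonight I'll try with my personal PC, which has the same problem, and then contact the engineer.

Could you give me the web address of Rising's engineer remote service?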
huweinan - 2011-4-26 13:43:00
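Also, every time after an SREngLOG scan, when I try to close that window it says: "由于被系统锁住,该程序无法关闭 。" ("Because it is locked by the system, this program cannot be closed.")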
networkedition - 2011-4-26 13:47:00
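Use the process manager in Rising Kaka Internet Security Assistant and choose "Find window": drag the finder tool onto the box that popped up and see which process that window belongs to.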
huweinan - 2011-4-26 15:25:00
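Because the target window is already locked, the information may not be accurate.
Once I capture accurate information I'll post it here and PM you, moderator. :kaka1: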

窗口句柄:0x000808F4
所属进程:explorer.exe
Also, the details are as follows:
窗口标题:Microsoft Internet Explorer (没有响应)
窗口位置:(64,-5)-(360,162) 296x167
窗口类名:Ghost
空间ID:  0x00000000(0)
huweinan - 2011-4-28 9:18:00
April 28, 2011, 9:13:04
Captured the "小MM" (young girl) game invitation window popped up by the ttpsvr.exe process ~囧~ :kaka6:

窗口句柄:0x00030C72
所属进程:ttpsvr.exe

窗口标题:
窗口位置:(760,550)-(1020,740) 260x190
窗口类名:TTPSvr_FlashWnd
空间ID:  0x00000000(0)
networkedition - 2011-4-28 9:53:00
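Is the TTPlayer (千千静听) software installed on the system? If so, uninstall it for now, and after uninstalling, manually delete the files left in its installation directory and see if that helps.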
huweinan - 2011-5-3 13:48:00
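[Details inside] Newly captured: the "小MM" game invit… popped up by the ttpsvr.exe process
April 28, 2011, 9:13:04
Captured the "小MM" (young girl) game invitation window popped up by the ttpsvr.exe process ~囧~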

窗口句柄:0x00030C72
所属进程:ttpsvr.exe

窗口标题:
窗口位置:(760,550)-(1020,740) 260x190
窗口类名:TTPSvr_FlashWnd
空间ID: 0x00000000(0)