再麻烦高手啦!!请看今天的扫描日志:
HijackThis_815汉化版扫描日志 V1.99.1
保存于      14:13:08, 日期 2005-12-8
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\eMule\eMule.exe
D:\Program Files\pho\my.exe
D:\Program Files\pho\TIMPlatform.exe
D:\Program Files\pho\QQexternal.exe
D:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\system32\stdup.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\pho\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\pho\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\pho\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.rd.yahoo.com/auct/promo/3721/200508/ielogo-wcfashion/*http://cn.promo.auctions.yahoo.com/200507/fashion/index.html?refcode=3721200508ielogo-wcfashion (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF83EF81-6C25-49DA-AE6D-6C176FAA101A}: NameServer = 202.96.128.68
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

高手们今天都很忙吗?55555555~~~~~~~~~~~

没看出问题

杀毒软件报毒路径和文件名是什么？

鸽子的味道确实不浓

修复O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\system32\stdup.dll (file missing)    并搜索相应路径下的stdup.dll （显示所有文件）删除
试试结束以下进程（须自己判断）：
D:\Program Files\pho\my.exe
D:\Program Files\pho\TIMPlatform.exe
D:\Program Files\pho\QQexternal.exe
找到相应路径下的pho文件删除

路径是:c:\winnt
文件名:Server.DLL
病毒名:Backdoor.Gpigeon.aae
瑞星18.04.21版本查杀的
这是杀毒后扫描的结果

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

stdup.dll是一款Adware广告软件相关文件，建议立即删除。

好,我这就删
Autoruns日志:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\winnt\system32\nvcpl.dll

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwmain.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exeCicero LoaderMicrosoft Corporationc:\winnt\system32\ctfmon.exe

+ SystemSafetyMonitorMaster ModuleSystem Safetyd:\program files\system safety monitor\syssafe.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 5Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ CRLUpdateUPDCRLMicrosoft Corporationc:\winnt\system32\updcrl.exe

+ EnableRevocationMicrosoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\winnt\system32\ie4uinit.exe

+ Internet Explorer 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player 6.4ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ Outlook Express 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ 自定义浏览器Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\winnt\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ Network.ConnectionTrayNetwork Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\winnt\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ AlcoholShellExAXShlEx.dllAlcohol Soft Development Teamd:\program files\alcohol soft\alcohol 120\axshlex.dll

+ AutoCAD 数字签名图标覆盖处理程序AcSignIcon ModuleAutodeskc:\winnt\system32\acsignicon.dll

+ Autodesk Drawing PreviewAcThumbnail ModuleAutodeskc:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll

+ Desktop ExplorerNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\winnt\system32\nvshell.dll

+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\winnt\system32\nvshell.dll

+ Microsoft Office HTML Icon HandlerMicrosoft Office 2003 componentMicrosoft Corporationd:\program files\microsoft office\office11\msohev.dll

+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\winnt\system32\nvshell.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealOne Player Shell ExtensionsRealNetworksc:\program files\real\realone player\rpshellext.dll

+ Web FoldersMicrosoft Web FoldersMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Fax Tiff Data Column ProviderFax Tiff Data Column ProviderMicrosoft Corporationc:\winnt\system32\faxshell.dll

+ ShAVColumnProvider classDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ Version Column ProviderDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 6.0 for ActivieXAdobe Systems Incorporatedd:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

+ BandIE ClassBaiduBar ModuleBaidu.com, Inc.c:\program files\baidu\bar\baidubar.dll

+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

+ stdupFile not found: C:\WINNT\system32\stdup.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1

+ 豪杰超级解霸V8d:\herosoft\herov8\sthsdvd.exe

+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns

+ 上网助手File not found: http://assistant.3721.com/index.htm?fb=Cns

+ 手机短信File not found: http://sms.3721.com/ie/index.htm

+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns

+ 寻宝乐趣多File not found: http://cn.rd.yahoo.com/auct/promo/3721/200508/ielogo-wcfashion/*http://cn.promo.auctions.yahoo.com/200507/fashion/index.html?refcode=3721200508ielogo-wcfashion

HKLM\System\CurrentControlSet\Services

+ BITS用闲置网络带宽在后台传输文件。如果此服务被禁用，那么任何依赖于 BITS 的功能，例如 Windows Update 或 MSN Explorer，都将不能自动下载程序和其它信息。Microsoft Corporationc:\winnt\system32\svchost.exe

+ Browser维护网络上计算机的最新列表以及提供这个列表给请求的程序。Microsoft Corporationc:\winnt\system32\services.exe

+ Dhcp通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。Microsoft Corporationc:\winnt\system32\services.exe

+ dmserver逻辑磁盘管理器监视狗服务Microsoft Corporationc:\winnt\system32\services.exe

+ Dnscache解析和缓冲域名系统 (DNS) 名称。Microsoft Corporationc:\winnt\system32\services.exe

+ Eventlog记录程序和 Windows 发送的事件消息。事件日志包含对诊断问题有所帮助的信息。您可以在“事件查看器”中查看报告。Microsoft Corporationc:\winnt\system32\services.exe

+ HidServHID Audio ServiceMicrosoft Corporationc:\winnt\system32\hidserv.exe

+ lanmanserver提供 RPC 支持、文件、打印以及命名管道共享。Microsoft Corporationc:\winnt\system32\services.exe

+ lanmanworkstation提供网络链结和通讯。Microsoft Corporationc:\winnt\system32\services.exe

+ LmHosts允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。Microsoft Corporationc:\winnt\system32\services.exe

+ NtmsSvc管理可移动媒体、驱动程序和库。Microsoft Corporationc:\winnt\system32\svchost.exe

+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\winnt\system32\nvsvc32.exe

+ PlugPlay管理设备安装以及配置，并且通知程序关于设备更改的情况。Microsoft Corporationc:\winnt\system32\services.exe

+ PolicyAgent管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。Microsoft Corporationc:\winnt\system32\lsass.exe

+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。Microsoft Corporationc:\winnt\system32\services.exe

+ RemoteRegistry允许远程注册表操作。Microsoft Corporationc:\winnt\system32\regsvc.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwsrv.exe

+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\winnt\system32\svchost.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\winnt\system32\lsass.exe

+ Schedule允许程序在指定时间运行。Microsoft Corporationc:\winnt\system32\mstask.exe

+ seclogon在不同凭据下启用启动过程Microsoft Corporationc:\winnt\system32\services.exe

+ SENS跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\winnt\system32\svchost.exe

+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\winnt\system32\spoolsv.exe

+ StarWindServiceEnables network access to local devices via iSCSI protocol.Rocket Division Softwared:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe

+ TrkWks当文件在网络域的 NTFS 卷中移动时发送通知。Microsoft Corporationc:\winnt\system32\services.exe

+ WinMgmt提供系统管理信息。Microsoft Corporationc:\winnt\system32\wbem\winmgmt.exe

+ wuauserv从 Windows Update 启用重要的 Windows 更新的下载和安装。如果禁用该服务，操作系统可以在 Windows Update Web 网站手动更新。Microsoft Corporationc:\winnt\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPIACPI Driver for NTMicrosoft Corporationc:\winnt\system32\drivers\acpi.sys

+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\winnt\system32\drivers\afd.sys

+ agp440440 NT AGP FilterMicrosoft Corporationc:\winnt\system32\drivers\agp440.sys

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\winnt\system32\drivers\alcxwdm.sys

+ AsyncMacRAS Asynchronous Media DriverMicrosoft Corporationc:\winnt\system32\drivers\asyncmac.sys

+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\winnt\system32\drivers\atapi.sys

+ AtmarpcATM ARP Client ProtocolMicrosoft Corporationc:\winnt\system32\drivers\atmarpc.sys

+ audstubAudStub DriverMicrosoft Corporationc:\winnt\system32\drivers\audstub.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\winnt\system32\drivers\basetdi.sys

+ C-DillaFile not found: C:\WINNT\system32\drivers\CDANT.SYS

+ CCDECODEWDM Closed Caption VBI CodecMicrosoft Corporationc:\winnt\system32\drivers\ccdecode.sys

+ CdaC15BAMacrovision SECURITY DriverMacrovision Europe Ltdc:\winnt\system32\drivers\cdac15ba.sys

+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\winnt\system32\drivers\cdrom.sys

+ DiskPnP Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\disk.sys

+ dmioNT Disk Manager I/O DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmload.sys

+ DMusicMicrosoft DirectMusic Software Synthesizer (WDM)Microsoft Corporationc:\winnt\system32\drivers\dmusic.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\fdc.sys

+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\winnt\system32\drivers\fsvga.sys

+ FtdiskFT Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\ftdisk.sys

+ gameenumGame Port EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\gameenum.sys

+ GpcGeneric Packet ClassifierMicrosoft Corporationc:\winnt\system32\drivers\msgpc.sys

+ hidusbUSB Miniport Driver for Input DevicesMicrosoft Corporationc:\winnt\system32\drivers\hidusb.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ i8042prti8042 Port DriverMicrosoft Corporationc:\winnt\system32\drivers\i8042prt.sys

+ IpFilterDriverIP Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\ipfltdrv.sys

+ IpInIpIP in IP Tunnel DriverMicrosoft Corporationc:\winnt\system32\drivers\ipinip.sys

+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\winnt\system32\drivers\ipnat.sys

+ IPSECIPSEC driverMicrosoft Corporationc:\winnt\system32\drivers\ipsec.sys

+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\irenum.sys

+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\isapnp.sys

+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\winnt\system32\drivers\kbdclass.sys

+ kbdhidHID Mouse Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\kbdhid.sys

+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\winnt\system32\drivers\kmixer.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ MouclassMouse Class DriverMicrosoft Corporationc:\winnt\system32\drivers\mouclass.sys

+ mouhidHID Mouse Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\mouhid.sys

+ MPEMicrosoft MPE to IP FilterMicrosoft Corporationc:\winnt\system32\drivers\mpe.sys

+ ms_mpu401MPU401 Adapter DriverMicrosoft Corporationc:\winnt\system32\drivers\msmpu401.sys

+ MSKSSRVMS KS ServerMicrosoft Corporationc:\winnt\system32\drivers\mskssrv.sys

+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\winnt\system32\drivers\mspclock.sys

+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\winnt\system32\drivers\mspqm.sys

+ MSTEEWDM Tee/Communication Transform Filter Microsoft Corporationc:\winnt\system32\drivers\mstee.sys

+ NABTSFECWDM NABTS/FEC VBI CodecMicrosoft Corporationc:\winnt\system32\drivers\nabtsfec.sys

+ NdisTapiRemote Access NDIS TAPI DriverMicrosoft Corporationc:\winnt\system32\drivers\ndistapi.sys

+ NdisuioNDIS 用户模式 I/O 协议Microsoft Corporationc:\winnt\system32\drivers\ndisuio.sys

+ NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\winnt\system32\drivers\ndiswan.sys

+ NetBTNetBios over TcpipMicrosoft Corporationc:\winnt\system32\drivers\netbt.sys

+ NetDetectNetwork Card Detection driverMicrosoft Corporationc:\winnt\system32\drivers\netdtect.sys

+ New0c:\winnt\system32\new.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 66.93 NVIDIA Corporationc:\winnt\system32\drivers\nv4_mini.sys

+ NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkflt.sys

+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkfwd.sys

+ NwlnkIpxNWLink IPX/SPX/NetBIOS Compatible Transport ProtocolMicrosoft Corporationc:\winnt\system32\drivers\nwlnkipx.sys

+ NwlnkNbNWLink NetBIOSMicrosoft Corporationc:\winnt\system32\drivers\nwlnknb.sys

+ NwlnkSpxNWLink SPX/SPXII ProtocolMicrosoft Corporationc:\winnt\system32\drivers\nwlnkspx.sys

+ ParallelParallel Printer DriverMicrosoft Corporationc:\winnt\system32\drivers\parallel.sys

+ ParportParallel Port DriverMicrosoft Corporationc:\winnt\system32\drivers\parport.sys

+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\pci.sys

+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\pciide.sys

+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\winnt\system32\drivers\raspptp.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys

+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\winnt\system32\drivers\rasacd.sys

+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\winnt\system32\drivers\rasl2tp.sys

+ RasptiDirect ParallelMicrosoft Corporationc:\winnt\system32\drivers\raspti.sys

+ RCARCA filterMicrosoft Corporationc:\winnt\system32\drivers\rca.sys