baohe斑竹关于昨天下午你的回复 bbs.ikaka.com

三醉 - 2006-5-29 13:28:00

以下是重起机子后的日志，以及Hijackthis对artm_new.dll解释的截图
-----------------------------------------------------------
当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
E:\程序\HijackThis1\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\System32\xunleibho_v5.dll
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O8 - IE右键菜单中的新增项目： &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目： &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目：上传到QQ网络硬盘 - E:\程序\tec\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目：导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目：添加到QQ自定义面板 - E:\程序\tec\AddPanel.htm
O8 - IE右键菜单中的新增项目：添加到QQ表情 - E:\程序\tec\AddEmotion.htm
O8 - IE右键菜单中的新增项目：用QQ彩信发送该图片 - E:\程序\tec\SendMMS.htm
O9 - 浏览器额外的按钮： Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项： Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮：易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项：易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

附件: 5261942006529132840.jpg

三醉 - 2006-5-29 14:30:00

第一张截图还有一半显示不出得输入连接打开

轩辕小聪 - 2006-5-29 15:08:00

晕，之前刚见到一例（http://forum.ikaka.com/topic.asp?board=28&artid=8076702）
现在看来，如果那个dll文件竟能抢在SSM之前加载，那真的是相当麻烦，恐怕只能进DOS了。

baohe - 2006-5-29 15:24:00

【回复“三醉”的帖子】
既然如此，可以尝试用KillBox强行删除C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll。
注意：选择“替换删除”（见附图）

附件: 1558472006529152455.jpg

三醉 - 2006-5-29 16:36:00

引用:

【轩辕小聪的贴子】晕，之前刚见到一例（http://forum.ikaka.com/topic.asp?board=28&artid=8076702）
现在看来，如果那个dll文件竟能抢在SSM之前加载，那真的是相当麻烦，恐怕只能进DOS了。
...........................

小聪，我看你你发的网址，我就是中这个，一直显示邮件接收，不知道你和baohe斑竹能不能找到这个病毒的样本研究下杀法，感觉最近好多人中这个

baohe - 2006-5-29 17:05:00

引用:

【三醉的贴子】

小聪，我看你你发的网址，我就是中这个，一直显示邮件接收，不知道你和baohe斑竹能不能找到这个病毒的样本研究下杀法，感觉最近好多人中这个
...........................

如果你有该病毒的.exe文件，请打包发给我：baohelin@yahoo.com.cn

三醉 - 2006-5-29 17:39:00

BAOHE 斑竹，我没留这个病毒的文件，刚才artm_new.dll已经用killbox删了，但是依然会出现一个问题。当网线接上去的时候，就自动跳出邮件接收，多达上百个。这个好迷惘，不知有什么办法查杀不

baohe - 2006-5-29 17:43:00

【回复“三醉”的帖子】
请贴一个SREng或autoruns的日志看看。

三醉 - 2006-5-29 17:45:00

还有一个：开机后，SSM进程监控下显示一条：
program files\internet iexplore\iexplore.exe
但是我并未开任何网页

三醉 - 2006-5-29 17:47:00

引用:

【baohe的贴子】【回复“三醉”的帖子】
请贴一个SREng或autoruns的日志看看。
...........................

这2个是软件吧。论坛有下载吗？我去找找

baohe - 2006-5-29 17:49:00

引用:

【三醉的贴子】还有一个：开机后，SSM进程监控下显示一条：
program files\internet iexplore\iexplore.exe
但是我并未开任何网页
...........................

有木马插入了IE浏览器吧。
鸽子的可能性较大。

三醉 - 2006-5-30 8:59:00

baohe斑竹以下是日志：

三醉 - 2006-5-30 9:02:00

hijackthis日志
当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\RavMon.exe
E:\程序\HijackThis1\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\System32\xunleibho_v5.dll
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O8 - IE右键菜单中的新增项目： &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目： &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目：上传到QQ网络硬盘 - E:\程序\tec\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目：导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目：添加到QQ自定义面板 - E:\程序\tec\AddPanel.htm
O8 - IE右键菜单中的新增项目：添加到QQ表情 - E:\程序\tec\AddEmotion.htm
O8 - IE右键菜单中的新增项目：用QQ彩信发送该图片 - E:\程序\tec\SendMMS.htm
O9 - 浏览器额外的按钮： Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项： Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮：易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项：易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

三醉 - 2006-5-30 9:11:00

SRENG日志
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\System32\xunleibho_v5.dll, >
[]
{06849E9F-C8D7-4D59-B87D-784B7D6BE083} <C:\WINNT\system\ctldlg32.dll, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<E:\程序\tec\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\程序\tec\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\程序\tec\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\程序\tec\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2170.1>
[PID: 168][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2137.1>
[PID: 164][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2182.1>
[C:\WINNT\system32\SSMWinlogonEx.dll] <System Safety Limited><2.0.7.570>
[PID: 216][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2191.1.296.2>
[PID: 228][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2184.1>
[PID: 380][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 26>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 4>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 392][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 436][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 460][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 496][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2161.1>
[PID: 536][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 572][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2155.1>
[PID: 588][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2137.1>
[PID: 652][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0001>
[PID: 796][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1064][C:\WINNT\Explorer.exe] <Microsoft Corporation><5.00.2920.0000>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINNT\System32\xunleibho_v5.dll] <><4, 3, 3, 30>
[C:\WINNT\system\ctldlg32.dll] <N/A><N/A>
[PID: 920][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1080][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 15>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[PID: 292][C:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1040][E:\程序\HijackThis1\HijackThis1991汉化版\HijackThis1991zww.exe] <Soeperman Enterprises Ltd.><1.99.0001>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1392][E:\程序\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

三醉 - 2006-5-30 9:14:00

autoruns日志：HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwmain.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ Class Install HandlerOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ deflateOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gzipOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ lzdhtmlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ text/webviewhtmlWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ aboutMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ cdlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ cdoMicrosoft SharePoint Portal Server Object ModelMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\pkmcdo.dll

+ fileOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ftpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gopherOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpsOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ javascriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ localOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ mailtoMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ mhtmlMicrosoft Internet Messaging APIMicrosoft Corporationc:\winnt\system32\inetcomm.dll

+ mkOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ms-itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ mso-offdapMicrosoft Office XP Web ComponentsMicrosoft Corporationc:\program files\common files\microsoft shared\web components\10\owc10.dll

+ resMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ sysimageMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vbscriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vnd.ms.radioWindows Media Player 2 ActiveX ControlMicrosoft Corporationc:\winnt\system32\msdxm.ocx

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 5Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ CRLUpdateUPDCRLMicrosoft Corporationc:\winnt\system32\updcrl.exe

三醉 - 2006-5-30 9:17:00

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\winnt\system32\ie4uinit.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ 自定义浏览器Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\winnt\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ Network.ConnectionTrayNetwork Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\winnt\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ .CAB file viewerCabinet File Viewer Shell ExtensionMicrosoft Corporationc:\winnt\system32\cabview.dll

+ ActiveDesktopWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ ActiveX 高速缓存文件夹Object Control ViewerMicrosoft Corporationc:\winnt\system32\occache.dll

+ BandProxyShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Briefcase FolderWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ CDF Extension Copy HookShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Channel MenuChannel Definition File ViewerMicrosoft Corporationc:\winnt\system32\cdfview.dll

+ Channel PropertiesChannel Definition File ViewerMicrosoft Corporationc:\winnt\system32\cdfview.dll

+ CmdFileIconWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Code Download AgentWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ ConnectionAgentWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ Crypto PKO ExtensionCrypto Shell ExtensionsMicrosoft Corporationc:\winnt\system32\cryptext.dll

+ Crypto Sign ExtensionCrypto Shell ExtensionsMicrosoft Corporationc:\winnt\system32\cryptext.dll

+ Darwin App PublisherShell Application ManagerMicrosoft Corporationc:\winnt\system32\appwiz.cpl

+ Directory Context Menu VerbsDirectory Service Common UIMicrosoft Corporationc:\winnt\system32\dsuiext.dll

+ Directory NamespaceDirectory Service UIMicrosoft Corporationc:\winnt\system32\dsfolder.dll

+ Directory Object FindDirectory Service FindMicrosoft Corporationc:\winnt\system32\dsquery.dll

+ Directory Property UIDirectory Service Common UIMicrosoft Corporationc:\winnt\system32\dsuiext.dll

+ Directory Query UIDirectory Service FindMicrosoft Corporationc:\winnt\system32\dsquery.dll

+ Directory Start/Search FindDirectory Service FindMicrosoft Corporationc:\winnt\system32\dsquery.dll

+ Disk Copy ExtensionWindows DiskCopyMicrosoft Corporationc:\winnt\system32\diskcopy.dll

+ Disk Quota UIWindows Shell Disk Quota UI DLLMicrosoft Corporationc:\winnt\system32\dskquoui.dll

+ Display Adapter CPL ExtensionAdvanced display adapter propertiesMicrosoft Corporationc:\winnt\system32\deskadp.dll

+ Display Control Panel HTML ExtensionsWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Display Monitor CPL ExtensionAdvanced display monitor propertiesMicrosoft Corporationc:\winnt\system32\deskmon.dll

+ Display Panning CPL ExtensionFile not found: deskpan.dll

三醉 - 2006-5-30 9:18:00

+ Display TroubleShoot CPL ExtensionAdvanced display performance propertiesMicrosoft Corporationc:\winnt\system32\deskperf.dll

+ DS Security PageDirectory Service Security UIMicrosoft Corporationc:\winnt\system32\dssec.dll

+ Favorites BandShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ File Property Page ExtensionWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ File Types PageWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Folder Options Property Page ExtensionWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ HTML 缩略图的解压缩程序Thumbnail View ExtensionMicrosoft Corporationc:\winnt\system32\thumbvw.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\winnt\system32\hticons.dll

+ ICC 配置文件Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\winnt\system32\icmui.dll

+ ICM 打印机管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\winnt\system32\icmui.dll

+ ICM 监视器管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\winnt\system32\icmui.dll

+ ICM 扫描仪管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\winnt\system32\icmui.dll

+ IE4 套件初始屏幕Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Installed Apps EnumeratorShell Application ManagerMicrosoft Corporationc:\winnt\system32\appwiz.cpl

+ InternetShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Internet Name SpaceShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ InternetShortcutShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ ISFBand OCShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ IShellFolderBandShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ LNK 文件缩略图接口代理程序Thumbnail View ExtensionMicrosoft Corporationc:\winnt\system32\thumbvw.dll

+ Microsoft AutoCompleteShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Microsoft Browser ArchitectureShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Microsoft BrowserBandShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Microsoft CopyTo ServiceWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Microsoft Internet 工具栏Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Microsoft MoveTo ServiceWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Microsoft New Object ServiceWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Microsoft Office HTML Icon HandlerMicrosoft Office XP componentMicrosoft Corporationc:\program files\microsoft office\office10\msohev.dll

+ Microsoft SendTo ServiceWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Microsoft Url History 服务Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Microsoft Url 搜索挂接Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Microsoft 多个自动完成列表容器Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Microsoft 历史自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Microsoft 外壳文件夹自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ MIME File Types HookWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ MMC Icon HandlerMMC Shell Extension DLLMicrosoft Corporationc:\winnt\system32\mmcshext.dll

+ MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Multimedia File Property SheetControl Panel Drivers AppletMicrosoft Corporationc:\winnt\system32\mmsys.cpl

+ MyDocs Copy HookMy Documents Folder UIMicrosoft Corporationc:\winnt\system32\mydocs.dll

+ MyDocs Drop TargetMy Documents Folder UIMicrosoft Corporationc:\winnt\system32\mydocs.dll

+ MyDocs FolderMy Documents Folder UIMicrosoft Corporationc:\winnt\system32\mydocs.dll

+ MyDocs PropertiesMy Documents Folder UIMicrosoft Corporationc:\winnt\system32\mydocs.dll

+ NTFS Security PageSecurity Shell ExtensionMicrosoft Corporationc:\winnt\system32\rshx32.dll

+ Office 图形筛选器缩略图的解压缩程序Thumbnail View ExtensionMicrosoft Corporationc:\winnt\system32\thumbvw.dll

+ Offline Files Folder OptionsClient Side Caching UIMicrosoft Corporationc:\winnt\system32\cscui.dll

+ Offline Files MenuClient Side Caching UIMicrosoft Corporationc:\winnt\system32\cscui.dll

+ OLE Docfile Property PageOLE DocFile Property PageMicrosoft Corporationc:\winnt\system32\docprop.dll

+ Open With Context Menu HandlerWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ PlusPack CPL ExtensionEffects Control Panel extensionMicrosoft Corporationc:\winnt\system32\plustab.dll

+ PostAgentWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

三醉 - 2006-5-30 9:19:00

+ Printers Security PageSecurity Shell ExtensionMicrosoft Corporationc:\winnt\system32\rshx32.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ Search Assistant OCShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Sendmail serviceSend MailMicrosoft Corporationc:\winnt\system32\sendmail.dll

+ Sendmail serviceSend MailMicrosoft Corporationc:\winnt\system32\sendmail.dll

+ Shell Application ManagerShell Application ManagerMicrosoft Corporationc:\winnt\system32\appwiz.cpl

+ Shell Automation Folder ViewWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Shell Automation Inproc ServiceShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Shell Automation ServiceWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Shell Band Site MenuShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Shell DocObject ViewerShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ Shell Drag and Drop helperWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Shell extensions for Microsoft Windows Network objectsNetwork object shell UIMicrosoft Corporationc:\winnt\system32\ntlanui2.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\winnt\system32\ntshrui.dll

+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\winnt\system32\ntshrui.dll

+ Shell Favorite FolderWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ Shell properties for a DS objectDirectory Service UIMicrosoft Corporationc:\winnt\system32\dsfolder.dll

+ Shell Scrap DataHandlerShell scrap object handlerMicrosoft Corporationc:\winnt\system32\shscrap.dll

+ Subscription MgrWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ Tasks Folder Icon HandlerTask Scheduler interface DLLMicrosoft Corporationc:\winnt\system32\mstask.dll

+ Tasks Folder Shell ExtensionTask Scheduler interface DLLMicrosoft Corporationc:\winnt\system32\mstask.dll

+ TrayAgentWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ TridentImageExtractorShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ Web FoldersMicrosoft Web FoldersMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell ExtensionPrint UI DLLMicrosoft Corporationc:\winnt\system32\printui.dll

+ Web 搜索Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ WebCheck SyncMgr HandlerWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ WebCheckChannelAgentWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ WebCheckWebCrawlerWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ Windows Script Host 的外壳扩展Microsoft (r) Shell Extension for Windows Script HostMicrosoft Corporationc:\winnt\system32\wshext.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ 补充的外壳文件夹Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 补充的外壳文件夹 2Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 菜单条Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 菜单外壳文件夹Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 菜单站点Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 菜单桌面栏Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 窗格中的搜索Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 地址 EditBoxShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 地址(&A)Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 地址条解析程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 跟踪弹出栏Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 跟踪外壳菜单Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 公文包Windows BriefcaseMicrosoft Corporationc:\winnt\system32\syncui.dll

三醉 - 2006-5-30 9:20:00

+ 将加密项添加到资源管理器的上下文菜单中Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ 开始菜单Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ 可访问的Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 历史记录Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

+ 链接(&L)Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 媒体区Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 频道句柄对象Channel Definition File ViewerMicrosoft Corporationc:\winnt\system32\cdfview.dll

+ 频道快捷方式Channel Definition File ViewerMicrosoft Corporationc:\winnt\system32\cdfview.dll

+ 频道文件Channel Definition File ViewerMicrosoft Corporationc:\winnt\system32\cdfview.dll

+ 全局文件夹设置Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 任务计划Task Scheduler interface DLLMicrosoft Corporationc:\winnt\system32\mstask.dll

+ 搜索区Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 缩略图Thumbnail View ExtensionMicrosoft Corporationc:\winnt\system32\thumbvw.dll

+ 脱机文件夹Client Side Caching UIMicrosoft Corporationc:\winnt\system32\cscui.dll

+ 外壳 DeskBarShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 外壳 DeskBarAppShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 外壳 Rebar BandSiteShell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 网络和拨号连接Network Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ 微缩图图像Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 文件夹快捷方式Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ 我的电脑Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ 下载状态Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 已装好的卷Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ 用户(&P)...Find PeopleMicrosoft Corporationc:\program files\outlook express\wabfind.dll

+ 用户帮助Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 预订文件夹Web Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

+ 摘要信息缩略图处理程序(DOCFILES)Thumbnail View ExtensionMicrosoft Corporationc:\winnt\system32\thumbvw.dll

+ 注册数目路选项实用程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 自定义 MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 字体Windows Font FolderMicrosoft Corporationc:\winnt\system32\fontext.dll

+ 浏览器栏Shell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Fax Tiff Data Column ProviderFax Tiff Data Column ProviderMicrosoft Corporationc:\winnt\system32\faxshell.dll

+ ShAVColumnProvider classDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ Version Column ProviderDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ ThunderIEHelper Classxunleibho Modulec:\winnt\system32\xunleibho_v5.dll

+ {06849E9F-C8D7-4D59-B87D-784B7D6BE083}c:\winnt\system\ctldlg32.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

三醉 - 2006-5-30 9:21:00

+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ msdxm.ocxWindows Media Player 2 ActiveX ControlMicrosoft Corporationc:\winnt\system32\msdxm.ocx

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ @shdoclc.dll,-864c:\winnt\web\related.htm

+ 易趣购物File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=1

HKLM\System\CurrentControlSet\Services

+ Browser维护网络上计算机的最新列表以及提供这个列表给请求的程序。Microsoft Corporationc:\winnt\system32\services.exe

+ Dhcp通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。Microsoft Corporationc:\winnt\system32\services.exe

+ dmserver逻辑磁盘管理器监视狗服务Microsoft Corporationc:\winnt\system32\services.exe

+ Dnscache解析和缓冲域名系统 (DNS) 名称。Microsoft Corporationc:\winnt\system32\services.exe

+ Eventlog记录程序和 Windows 发送的事件消息。事件日志包含对诊断问题有所帮助的信息。您可以在“事件查看器”中查看报告。Microsoft Corporationc:\winnt\system32\services.exe

+ lanmanserver提供 RPC 支持、文件、打印以及命名管道共享。Microsoft Corporationc:\winnt\system32\services.exe

+ LanmanWorkstation提供网络链结和通讯。Microsoft Corporationc:\winnt\system32\services.exe

+ LmHosts允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。Microsoft Corporationc:\winnt\system32\services.exe

+ Messenger发送和接收系统管理员或者“警报器”服务传递的消息。Microsoft Corporationc:\winnt\system32\services.exe

+ NtmsSvc管理可移动媒体、驱动程序和库。Microsoft Corporationc:\winnt\system32\svchost.exe

+ PlugPlay管理设备安装以及配置，并且通知程序关于设备更改的情况。Microsoft Corporationc:\winnt\system32\services.exe

+ PolicyAgent管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。Microsoft Corporationc:\winnt\system32\lsass.exe

+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。Microsoft Corporationc:\winnt\system32\services.exe

+ RemoteRegistry允许远程注册表操作。Microsoft Corporationc:\winnt\system32\regsvc.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedc:\program files\rising\rfw\rfwsrv.exe

+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\winnt\system32\svchost.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\winnt\system32\lsass.exe

+ Schedule允许程序在指定时间运行。Microsoft Corporationc:\winnt\system32\mstask.exe

+ seclogon在不同凭据下启用启动过程Microsoft Corporationc:\winnt\system32\services.exe

+ SENS跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\winnt\system32\svchost.exe

+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\winnt\system32\spoolsv.exe

+ TrkWks当文件在网络域的 NTFS 卷中移动时发送通知。Microsoft Corporationc:\winnt\system32\services.exe

+ WinMgmt提供系统管理信息。Microsoft Corporationc:\winnt\system32\wbem\winmgmt.exe

HKLM\System\CurrentControlSet\Services

+ ACPIACPI Driver for NTMicrosoft Corporationc:\winnt\system32\drivers\acpi.sys

+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\winnt\system32\drivers\afd.sys

+ AsyncMacRAS Asynchronous Media DriverMicrosoft Corporationc:\winnt\system32\drivers\asyncmac.sys

+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\winnt\system32\drivers\atapi.sys

+ AtmarpcATM ARP Client ProtocolMicrosoft Corporationc:\winnt\system32\drivers\atmarpc.sys

+ audstubAudStub DriverMicrosoft Corporationc:\winnt\system32\drivers\audstub.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\winnt\system32\drivers\basetdi.sys

+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\winnt\system32\drivers\cdrom.sys

+ cs429xCrystal AC9x WDM DriverCirrus Logic, Inc.c:\winnt\system32\drivers\cwawdm.sys

+ DiskPnP Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\disk.sys

三醉 - 2006-5-30 9:21:00

+ dmioNT Disk Manager I/O DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmload.sys

+ DMusicMicrosoft DirectMusic Software Synthesizer (WDM)Microsoft Corporationc:\winnt\system32\drivers\dmusic.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\fdc.sys

+ FlpydiskFloppy DriverMicrosoft Corporationc:\winnt\system32\drivers\flpydisk.sys

+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\winnt\system32\drivers\fsvga.sys

+ FtdiskFT Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\ftdisk.sys

+ FwDrvnt_fwdrvRisingc:\program files\rising\rfw\fwdrv.sys

+ gameenumGame Port EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\gameenum.sys

+ GpcGeneric Packet ClassifierMicrosoft Corporationc:\winnt\system32\drivers\msgpc.sys

+ hidusbUSB Miniport Driver for Input DevicesMicrosoft Corporationc:\winnt\system32\drivers\hidusb.sys

+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ i8042prti8042 Port DriverMicrosoft Corporationc:\winnt\system32\drivers\i8042prt.sys

+ i81xMiniport Driver for Intel(R) 810 Chipset Graphics DriverIntel Corporationc:\winnt\system32\drivers\i81xnt5.sys

+ ichaudIntegrated Controller Hub Audio Driver (WDM)Microsoft Corporationc:\winnt\system32\drivers\ichaud.sys

+ IpFilterDriverIP Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\ipfltdrv.sys

+ IpInIpIP in IP Tunnel DriverMicrosoft Corporationc:\winnt\system32\drivers\ipinip.sys

+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\winnt\system32\drivers\ipnat.sys

+ IPSECIPSEC driverMicrosoft Corporationc:\winnt\system32\drivers\ipsec.sys

+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\isapnp.sys

+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\winnt\system32\drivers\kbdclass.sys

+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\winnt\system32\drivers\kmixer.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ MouclassMouse Class DriverMicrosoft Corporationc:\winnt\system32\drivers\mouclass.sys

+ mouhidHID Mouse Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\mouhid.sys

+ ms_mpu401MPU401 Adapter DriverMicrosoft Corporationc:\winnt\system32\drivers\msmpu401.sys

+ MSKSSRVMS KS ServerMicrosoft Corporationc:\winnt\system32\drivers\mskssrv.sys

+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\winnt\system32\drivers\mspclock.sys

+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\winnt\system32\drivers\mspqm.sys

+ NdisTapiRemote Access NDIS TAPI DriverMicrosoft Corporationc:\winnt\system32\drivers\ndistapi.sys

+ NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\winnt\system32\drivers\ndiswan.sys

+ NetBTNetBios over TcpipMicrosoft Corporationc:\winnt\system32\drivers\netbt.sys

+ NetDetectNetwork Card Detection driverMicrosoft Corporationc:\winnt\system32\drivers\netdtect.sys

+ NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkflt.sys

+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkfwd.sys

+ ParallelParallel Printer DriverMicrosoft Corporationc:\winnt\system32\drivers\parallel.sys

+ ParportParallel Port DriverMicrosoft Corporationc:\winnt\system32\drivers\parport.sys

+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\pci.sys

+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\pciide.sys

+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\winnt\system32\drivers\raspptp.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys

+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\winnt\system32\drivers\rasacd.sys

+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\winnt\system32\drivers\rasl2tp.sys

+ RasptiDirect ParallelMicrosoft Corporationc:\winnt\system32\drivers\raspti.sys

三醉 - 2006-5-30 9:22:00

+ RCARCA filterMicrosoft Corporationc:\winnt\system32\drivers\rca.sys

+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\redbook.sys

+ rtl8139NDIS 5.0 driver Realtek Semiconductor Corporation c:\winnt\system32\drivers\rtl8139.sys

+ safemonSystem Safety Monitor 2.0 extension for Windows security layerSystem Safety Limitedc:\winnt\system32\drivers\safemon.sys

+ serenumSerial Port EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\serenum.sys

+ SerialSerial Device DriverMicrosoft Corporationc:\winnt\system32\drivers\serial.sys

+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\swenum.sys

+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\winnt\system32\drivers\swmidi.sys

+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\winnt\system32\drivers\sysaudio.sys

+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\winnt\system32\drivers\tcpip.sys

+ uhcdUniversal Host Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\uhcd.sys

+ UpdateUpdate DriverMicrosoft Corporationc:\winnt\system32\drivers\update.sys

+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\winnt\system32\drivers\usbhub.sys

+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\winnt\system32\drivers\usbstor.sys

+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\winnt\system32\drivers\vga.sys

+ WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\winnt\system32\drivers\wanarp.sys

+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\winnt\system32\drivers\wdmaud.sys

+ wdpnpWinDriver plug and play stub Driver 5.05Jungoc:\winnt\system32\drivers\wdpnp.sys

+ WindriverWinDriver Device Driver 4.32Jungoc:\winnt\system32\drivers\windrvr.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\winnt\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\winnt\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\winnt\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\winnt\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\winnt\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\winnt\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\winnt\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\winnt\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\winnt\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\winnt\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\winnt\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\winnt\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\winnt\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ user32Windows 2000 USER API Client DLLMicrosoft Corporationc:\winnt\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\winnt\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\winnt\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\winnt\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

三醉 - 2006-5-30 9:23:00

+ crypt32chainCrypto API32Microsoft Corporationc:\winnt\system32\crypt32.dll

+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\winnt\system32\cryptnet.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\winnt\system32\cscdll.dll

+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\winnt\system32\sclgntfy.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\winnt\system32\wlnotify.dll

+ System Safety MonitorSystem Safety Winlogon NotificationSystem Safety Limitedc:\winnt\system32\ssmwinlogonex.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ (无)File not found: (无)

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD AppleTalk [ADSP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [ADSP] [Pseudo Stream]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [PAP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [RTMP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [ZIP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C51DB8F-45DF-4007-BBF6-DA71F61CCB17}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C51DB8F-45DF-4007-BBF6-DA71F61CCB17}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{932F4A4B-4E74-4B22-A10F-AC4566816612}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{932F4A4B-4E74-4B22-A10F-AC4566816612}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8270259-6824-4AF0-B2F2-618A498AB6E0}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8270259-6824-4AF0-B2F2-618A498AB6E0}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\winnt\system32\cnbjmon.dll

+ Local PortLocal Spooler DLLMicrosoft Corporationc:\winnt\system32\localspl.dll

+ PJL Language MonitorSpooler Setup DLLMicrosoft Corporationc:\winnt\system32\pjlmon.dll

+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\winnt\system32\tcpmon.dll

+ USB MonitorStandard USB printing Port Monitor DLLMicrosoft Corporationc:\winnt\system32\usbmon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

+ scecliWindows Security Configuration Editor Client EngineMicrosoft Corporationc:\winnt\system32\scecli.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

+ kerberosKerberos Security PackageMicrosoft Corporationc:\winnt\system32\kerberos.dll

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll

+ schannelTLS / SSL Security Provider (US/Canada Only, Not for Export)Microsoft Corporationc:\winnt\system32\schannel.dll

三醉 - 2006-5-30 9:24:00

瑞星卡卡安全论坛