我每次打开浏览器每次就有瑞星提示system32\ctfmon.exe进程要改注册表 bbs.ikaka.com

温州茶客 - 2006-7-15 12:21:00

我烦恼我的开机每次打开浏览器的时候，瑞星就提示WINDOWS\system32\ctfmon.exe进程要修改注册表，然后我也拒绝了，可以是以后每次上网都是这样！
下面是信息System Information Collect Tool - Designed By Smallfrogs　　20060714-21:16Windows XP Service Pack 2
Internet Explorer: 6.0.2900.2180******************
Runing Processes information
*****************************************************************
=====================================================
PROCESS NAME: System
-----------------------------------------------------
Process ID = 0x00000004
Thread count= 60
Parent process ID = 0
Modules:
------------------------------------
WARNING: List Process Modules failed with error 8 ()

=====================================================
PROCESS NAME: SMSS.EXE
-----------------------------------------------------
Process ID = 0x000001bc
Thread count= 3
Parent process ID = 4

Modules:
------------------------------------
<N/A> \SystemRoot\System32\smss.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
=====================================================
PROCESS NAME: CSRSS.EXE
-----------------------------------------------------
Process ID = 0x000001ec
Thread count= 10
Parent process ID = 444

Modules:
------------------------------------
<N/A> \??\E:\WINDOWS\system32\csrss.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\CSRSRV.dll
<Microsoft Corporation> E:\WINDOWS\system32\basesrv.dll
<Microsoft Corporation> E:\WINDOWS\system32\winsrv.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\KERNEL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\sxs.dll
=====================================================
PROCESS NAME: winlogon.exe
-----------------------------------------------------
Process ID = 0x00000204
Thread count= 20
Parent process ID = 444
Modules:
------------------------------------
<N/A> \??\E:\WINDOWS\system32\winlogon.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\kernel32.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\AUTHZ.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\CRYPT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSASN1.dll
<Microsoft Corporation> E:\WINDOWS\system32\NDdeApi.dll
<Microsoft Corporation> E:\WINDOWS\system32\PROFMAP.dll
<Microsoft Corporation> E:\WINDOWS\system32\NETAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\USERENV.dll
<Microsoft Corporation> E:\WINDOWS\system32\PSAPI.DLL
<Microsoft Corporation> E:\WINDOWS\system32\REGAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\Secur32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SETUPAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\VERSION.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINSTA.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINTRUST.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMAGEHLP.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2_32.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2HELP.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMM32.DLL
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSGINA.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHELL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHLWAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\COMCTL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\ODBC32.dll
<Microsoft Corporation> E:\WINDOWS\system32\comdlg32.dll
<Microsoft Corporation> E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\odbcint.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHSVCS.dll
<Microsoft Corporation> E:\WINDOWS\system32\sfc.dll
<Microsoft Corporation> E:\WINDOWS\system32\sfc_os.dll
<Microsoft Corporation> E:\WINDOWS\system32\ole32.dll
<Microsoft Corporation> E:\WINDOWS\system32\Apphelp.dll
<Microsoft Corporation> E:\WINDOWS\system32\msctfime.ime
<Microsoft Corporation> E:\WINDOWS\system32\WINSCARD.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WTSAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\sxs.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINMM.dll
<Microsoft Corporation> E:\WINDOWS\system32\uxtheme.dll
<Microsoft Corporation> E:\WINDOWS\system32\cscdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\WlNotify.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINSPOOL.DRV
<Microsoft Corporation> E:\WINDOWS\system32\MPR.dll
<Microsoft Corporation> E:\WINDOWS\system32\rsaenh.dll
<Microsoft Corporation> E:\WINDOWS\system32\SAMLIB.dll
<Microsoft Corporation> E:\WINDOWS\system32\cscui.dll
<Microsoft Corporation> E:\WINDOWS\system32\xpsp2res.dll
<Microsoft Corporation> E:\WINDOWS\system32\NTMARTA.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WLDAP32.dll
<Microsoft Corporation> E:\WINDOWS\system32\msv1_0.dll
<Microsoft Corporation> E:\WINDOWS\system32\iphlpapi.dll
<Microsoft Corporation> E:\WINDOWS\system32\wdmaud.drv
<Microsoft Corporation> E:\WINDOWS\system32\msacm32.drv
<Microsoft Corporation> E:\WINDOWS\system32\MSACM32.dll
<Microsoft Corporation> E:\WINDOWS\system32\midimap.dll
<Microsoft Corporation> E:\WINDOWS\system32\COMRes.dll
<Microsoft Corporation> E:\WINDOWS\system32\OLEAUT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\CLBCATQ.DLL
<Microsoft Corporation> E:\WINDOWS\system32\wbem\wbemprox.dll
<Microsoft Corporation> E:\WINDOWS\system32\wbem\wbemcomn.dll
<Microsoft Corporation> E:\WINDOWS\system32\wbem\wbemsvc.dll
<Microsoft Corporation> E:\WINDOWS\system32\wbem\fastprox.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSVCP60.dll
<Microsoft Corporation> E:\WINDOWS\system32\NTDSAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\DNSAPI.dll

=====================================================
PROCESS NAME: services.exe
-----------------------------------------------------
Process ID = 0x00000230
Thread count= 16
Parent process ID = 516

温州茶客 - 2006-7-15 12:23:00

接上:
-----------------------------------------------------
Process ID = 0x00000230
Thread count= 16
Parent process ID = 516

Modules:
------------------------------------
<Microsoft Corporation> E:\WINDOWS\system32\services.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\kernel32.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\USERENV.dll
<Microsoft Corporation> E:\WINDOWS\system32\SCESRV.dll
<Microsoft Corporation> E:\WINDOWS\system32\AUTHZ.dll
<Microsoft Corporation> E:\WINDOWS\system32\umpnpmgr.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINSTA.dll
<Microsoft Corporation> E:\WINDOWS\system32\NETAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\NCObjAPI.DLL
<Microsoft Corporation> E:\WINDOWS\system32\MSVCP60.dll
<Microsoft Corporation> E:\WINDOWS\system32\ShimEng.dll
<Microsoft Corporation> E:\WINDOWS\AppPatch\AcGenral.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WINMM.dll
<Microsoft Corporation> E:\WINDOWS\system32\ole32.dll
<Microsoft Corporation> E:\WINDOWS\system32\OLEAUT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSACM32.dll
<Microsoft Corporation> E:\WINDOWS\system32\VERSION.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHELL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHLWAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\UxTheme.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMM32.DLL
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\secur32.dll
<Microsoft Corporation> E:\WINDOWS\system32\Apphelp.dll
<Microsoft Corporation> E:\WINDOWS\system32\eventlog.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2_32.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2HELP.dll
<Microsoft Corporation> E:\WINDOWS\system32\PSAPI.DLL
<Microsoft Corporation> E:\WINDOWS\system32\wtsapi32.dll

=====================================================
PROCESS NAME: lsass.exe
-----------------------------------------------------
Process ID = 0x0000023c
Thread count= 17
Parent process ID = 516

Modules:
------------------------------------
<Microsoft Corporation> E:\WINDOWS\system32\lsass.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\kernel32.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\LSASRV.dll
<Microsoft Corporation> E:\WINDOWS\system32\MPR.dll
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSASN1.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\NETAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\NTDSAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\DNSAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2_32.dll
<Microsoft Corporation> E:\WINDOWS\system32\WS2HELP.dll
<Microsoft Corporation> E:\WINDOWS\system32\WLDAP32.dll
<Microsoft Corporation> E:\WINDOWS\system32\Secur32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SAMLIB.dll
<Microsoft Corporation> E:\WINDOWS\system32\SAMSRV.dll
<Microsoft Corporation> E:\WINDOWS\system32\cryptdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\ShimEng.dll
<Microsoft Corporation> E:\WINDOWS\AppPatch\AcGenral.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WINMM.dll
<Microsoft Corporation> E:\WINDOWS\system32\ole32.dll
<Microsoft Corporation> E:\WINDOWS\system32\OLEAUT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSACM32.dll
<Microsoft Corporation> E:\WINDOWS\system32\VERSION.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHELL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHLWAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\USERENV.dll
<Microsoft Corporation> E:\WINDOWS\system32\UxTheme.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMM32.DLL
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\msprivs.dll
<Microsoft Corporation> E:\WINDOWS\system32\kerberos.dll
<Microsoft Corporation> E:\WINDOWS\system32\msv1_0.dll
<Microsoft Corporation> E:\WINDOWS\system32\iphlpapi.dll
<Microsoft Corporation> E:\WINDOWS\system32\netlogon.dll
<Microsoft Corporation> E:\WINDOWS\system32\w32time.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSVCP60.dll
<Microsoft Corporation> E:\WINDOWS\system32\schannel.dll
<Microsoft Corporation> E:\WINDOWS\system32\CRYPT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\wdigest.dll
<Microsoft Corporation> E:\WINDOWS\system32\rsaenh.dll
<Microsoft Corporation> E:\WINDOWS\system32\setupapi.dll
<Microsoft Corporation> E:\WINDOWS\system32\scecli.dll
<Microsoft Corporation> E:\WINDOWS\system32\ipsecsvc.dll
<Microsoft Corporation> E:\WINDOWS\system32\AUTHZ.dll
<Microsoft Corporation> E:\WINDOWS\system32\oakley.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WINIPSEC.DLL
<Microsoft Corporation> E:\WINDOWS\system32\pstorsvc.dll
<Microsoft Corporation> E:\WINDOWS\system32\mswsock.dll
<Microsoft Corporation> E:\WINDOWS\system32\hnetcfg.dll
<Microsoft Corporation> E:\WINDOWS\system32\psbase.dll
<Microsoft Corporation> E:\WINDOWS\System32\wshtcpip.dll
<Microsoft Corporation> E:\WINDOWS\system32\dssenh.dll

=====================================================
PROCESS NAME: svchost.exe

温州茶客 - 2006-7-15 12:26:00

PROCESS NAME: svchost.exe
-----------------------------------------------------
Process ID = 0x000002c8
Thread count= 17
Parent process ID = 560

Modules:
------------------------------------
<Microsoft Corporation> E:\WINDOWS\system32\svchost.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\kernel32.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\ShimEng.dll
<Microsoft Corporation> E:\WINDOWS\AppPatch\AcGenral.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINMM.dll
<Microsoft Corporation> E:\WINDOWS\system32\ole32.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\OLEAUT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSACM32.dll
<Microsoft Corporation> E:\WINDOWS\system32\VERSION.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHELL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHLWAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\USERENV.dll
<Microsoft Corporation> E:\WINDOWS\system32\UxTheme.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMM32.DLL
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\NTMARTA.DLL
<Microsoft Corporation> E:\WINDOWS\system32\WLDAP32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SAMLIB.dll
<Microsoft Corporation> e:\windows\system32\rpcss.dll
<Microsoft Corporation> e:\windows\system32\Secur32.dll
<Microsoft Corporation> e:\windows\system32\WS2_32.dll
<Microsoft Corporation> e:\windows\system32\WS2HELP.dll
<Microsoft Corporation> E:\WINDOWS\system32\xpsp2res.dll
<Microsoft Corporation> E:\WINDOWS\system32\CLBCATQ.DLL
<Microsoft Corporation> E:\WINDOWS\system32\COMRes.dll
<Microsoft Corporation> e:\windows\system32\termsrv.dll
<Microsoft Corporation> e:\windows\system32\ICAAPI.dll
<Microsoft Corporation> e:\windows\system32\SETUPAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINTRUST.dll
<Microsoft Corporation> E:\WINDOWS\system32\CRYPT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSASN1.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMAGEHLP.dll
<Microsoft Corporation> e:\windows\system32\AUTHZ.dll
<Microsoft Corporation> e:\windows\system32\mstlsapi.dll
<Microsoft Corporation> e:\windows\system32\ACTIVEDS.dll
<Microsoft Corporation> e:\windows\system32\adsldpc.dll
<Microsoft Corporation> E:\WINDOWS\system32\NETAPI32.dll
<Microsoft Corporation> e:\windows\system32\ATL.DLL
<Microsoft Corporation> E:\WINDOWS\system32\REGAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\rsaenh.dll
<Microsoft Corporation> E:\WINDOWS\system32\Apphelp.dll

=====================================================
PROCESS NAME: svchost.exe
-----------------------------------------------------
Process ID = 0x00000310
Thread count= 10
Parent process ID = 560

Modules:
------------------------------------
<Microsoft Corporation> E:\WINDOWS\system32\svchost.exe
<Microsoft Corporation> E:\WINDOWS\system32\ntdll.dll
<Microsoft Corporation> E:\WINDOWS\system32\kernel32.dll
<Microsoft Corporation> E:\WINDOWS\system32\ADVAPI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\RPCRT4.dll
<Microsoft Corporation> E:\WINDOWS\system32\ShimEng.dll
<Microsoft Corporation> E:\WINDOWS\AppPatch\AcGenral.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USER32.dll
<Microsoft Corporation> E:\WINDOWS\system32\GDI32.dll
<Microsoft Corporation> E:\WINDOWS\system32\WINMM.dll
<Microsoft Corporation> E:\WINDOWS\system32\ole32.dll
<Microsoft Corporation> E:\WINDOWS\system32\msvcrt.dll
<Microsoft Corporation> E:\WINDOWS\system32\OLEAUT32.dll
<Microsoft Corporation> E:\WINDOWS\system32\MSACM32.dll
<Microsoft Corporation> E:\WINDOWS\system32\VERSION.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHELL32.dll
<Microsoft Corporation> E:\WINDOWS\system32\SHLWAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\USERENV.dll
<Microsoft Corporation> E:\WINDOWS\system32\UxTheme.dll
<Microsoft Corporation> E:\WINDOWS\system32\IMM32.DLL
<Microsoft Corporation> E:\WINDOWS\system32\LPK.DLL
<Microsoft Corporation> E:\WINDOWS\system32\USP10.dll
<Microsoft Corporation> E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
<Microsoft Corporation> E:\WINDOWS\system32\comctl32.dll
<Microsoft Corporation> e:\windows\system32\rpcss.dll
<Microsoft Corporation> e:\windows\system32\Secur32.dll
<Microsoft Corporation> e:\windows\system32\WS2_32.dll
<Microsoft Corporation> e:\windows\system32\WS2HELP.dll
<Microsoft Corporation> E:\WINDOWS\system32\xpsp2res.dll
<Microsoft Corporation> E:\WINDOWS\system32\rsaenh.dll
<Microsoft Corporation> E:\WINDOWS\system32\mswsock.dll
<Microsoft Corporation> E:\WINDOWS\system32\hnetcfg.dll
<Microsoft Corporation> E:\WINDOWS\System32\wshtcpip.dll
<Microsoft Corporation> E:\WINDOWS\system32\DNSAPI.dll
<Microsoft Corporation> E:\WINDOWS\system32\iphlpapi.dll
<Microsoft Corporation> E:\WINDOWS\System32\winrnr.dll
<Microsoft Corporation> E:\WINDOWS\system32\WLDAP32.dll
<CNNIC> E:\WINDOWS\system32\cdnns.dll
<Microsoft Corporation> E:\WINDOWS\system32\Rnr20.dll
<Microsoft Corporation> E:\WINDOWS\system32\rasadhlp.dll
<Microsoft Corporation> E:\WINDOWS\system32\CLBCATQ.DLL
<Microsoft Corporation> E:\WINDOWS\system32\COMRes.dll

=====================================================
PROCESS NAME: CCenter.exe

温州茶客 - 2006-7-15 12:32:00

Local Win32 Service information
*****************************************************************
Alerter [Alerter ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Application Layer Gateway Service [ALG ] <Running>, Binpath = E:\WINDOWS\System32\alg.exe
Application Management [AppMgmt ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Audio [AudioSrv ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Autodesk Licensing Service [Autodesk Licensing Service ] <Running>, Binpath = "E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
Background Intelligent Transfer Service [BITS ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser [Browser ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service [CiSvc ] <Stopped>, Binpath = E:\WINDOWS\system32\cisvc.exe
ClipBook [ClipSrv ] <Stopped>, Binpath = E:\WINDOWS\system32\clipsrv.exe
COM+ System Application [COMSysApp ] <Stopped>, Binpath = E:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Cryptographic Services [CryptSvc ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher [DcomLaunch ] <Running>, Binpath = E:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client [Dhcp ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service [dmadmin ] <Stopped>, Binpath = E:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager [dmserver ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client [Dnscache ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service [ERSvc ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log [Eventlog ] <Running>, Binpath = E:\WINDOWS\system32\services.exe
COM+ Event System [EventSystem ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility [FastUserSwitchingCompatibility ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Help and Support [helpsvc ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Human Interface Device Access [HidServ ] <Stopped>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL [HTTPFilter ] <Stopped>, Binpath =

温州茶客 - 2006-7-15 12:33:00

E:\WINDOWS\System32\svchost.exe -k HTTPFilter
IIS Admin [IISADMIN ] <Running>, Binpath = E:\WINDOWS\system32\inetsrv\inetinfo.exe
IMAPI CD-Burning COM Service [ImapiService ] <Stopped>, Binpath = E:\WINDOWS\system32\imapi.exe
Server [lanmanserver ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation [lanmanworkstation ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper [LmHosts ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Messenger [Messenger ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing [mnmsrvc ] <Stopped>, Binpath = E:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator [MSDTC ] <Stopped>, Binpath = E:\WINDOWS\system32\msdtc.exe
Windows Installer [MSIServer ] <Stopped>, Binpath = E:\WINDOWS\system32\msiexec.exe /V
Network DDE [NetDDE ] <Stopped>, Binpath = E:\WINDOWS\system32\netdde.exe
Network DDE DSDM [NetDDEdsdm ] <Stopped>, Binpath = E:\WINDOWS\system32\netdde.exe
Net Logon [Netlogon ] <Stopped>, Binpath = E:\WINDOWS\system32\lsass.exe
Network Connections [Netman ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) [Nla ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
NT LM Security Support Provider [NtLmSsp ] <Stopped>, Binpath = E:\WINDOWS\system32\lsass.exe
Removable Storage [NtmsSvc ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
P4P Service [P4P Service ] <Running>, Binpath = E:\Program Files\Common Files\Sogou PXP\p2psvr.exe
Plug and Play [PlugPlay ] <Running>, Binpath = E:\WINDOWS\system32\services.exe
IPSEC Services [PolicyAgent ] <Running>, Binpath = E:\WINDOWS\system32\lsass.exe
Protected Storage [ProtectedStorage ] <Running>, Binpath = E:\WINDOWS\system32\lsass.exe
Remote Access Auto Connection Manager [RasAuto ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager [RasMan ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager [RDSessMgr ] <Stopped>, Binpath = E:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access [RemoteAccess ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry [RemoteRegistry ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) Locator [RpcLocator ] <Stopped>, Binpath = E:\WINDOWS\system32\locator.exe
Remote Procedure Call (RPC) [RpcSs ] <Running>, Binpath = E:\WINDOWS\system32\svchost -k rpcss
Rising Process Communication Center [RsCCenter ] <Running>, Binpath = "E:\Program Files\Rising\Rav\CCenter.exe"
RsRavMon Service [RsRavMon ] <Running>, Binpath = "E:\Program Files\Rising\Rav\Ravmond.exe"
QoS RSVP [RSVP ] <Stopped>, Binpath = E:\WINDOWS\system32\rsvp.exe
Security Accounts Manager [SamSs ] <Running>, Binpath = E:\WINDOWS\system32\lsass.exe
Smart Card [SCardSvr ] <Stopped>, Binpath = E:\WINDOWS\System32\SCardSvr.exe
Task Scheduler [Schedule ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon [seclogon ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification [SENS ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) [SharedAccess ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection [ShellHWDetection ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Simple Mail Transfer Protocol (SMTP) [SMTPSVC ] <Running>, Binpath = E:\WINDOWS\system32\inetsrv\inetinfo.exe
Print Spooler [Spooler ] <Running>, Binpath = E:\WINDOWS\system32\spoolsv.exe
System Restore Service [srservice ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service [SSDPSRV ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) [stisvc ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k imgsvc
MS Software Shadow Copy Provider [SwPrv ] <Stopped>, Binpath = E:\WINDOWS\system32\dllhost.exe /Processid:{9D185B72-BFE1-4887-B787-F07192E06BA7}
Performance Logs and Alerts [SysmonLog ] <Stopped>, Binpath = E:\WINDOWS\system32\smlogsvc.exe
Telephony [TapiSrv ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services [TermService ] <Running>, Binpath = E:\WINDOWS\System32\svchost -k DComLaunch
Themes [Themes ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet [TlntSvr ] <Stopped>, Binpath = E:\WINDOWS\system32\tlntsvr.exe
Distributed Link Tracking Client [TrkWks ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host [upnphost ] <Stopped>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Uninterruptible Power Supply [UPS ] <Stopped>, Binpath = E:\WINDOWS\System32\ups.exe
Volume Shadow Copy [VSS ] <Stopped>, Binpath = E:\WINDOWS\System32\vssvc.exe
Windows Time [W32Time ] <Running>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
World Wide Web Publishing [W3SVC ] <Running>, Binpath = E:\WINDOWS\system32\inetsrv\inetinfo.exe
WebClient [WebClient ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation [winmgmt ] <Running>, Binpath = E:\WINDOWS\system32\svchost.exe -k netsvcs
Portable Media Serial Number Service [WmdmPmSN ] <Stopped>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions [Wmi ] <Stopped>, Binpath = E:\WINDOWS\System32\svchost.exe -k netsvcs

温州茶客 - 2006-7-15 12:35:00

Boot items in Registry
*****************************************************************
------------------------------------------------------------
0：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
ctfmon.exe……E:\WINDOWS\system32\ctfmon.exe
------------------------------------------------------------
1：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
------------------------------------------------------------
2：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
3：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
------------------------------------------------------------
------------------------------------------------------------
4：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
------------------------------------------------------------
------------------------------------------------------------
5：HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows 键值名称:load
------------------------------------------------------------
------------------------------------------------------------
6：HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows 键值名称:run
------------------------------------------------------------
------------------------------------------------------------
7：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 键值名称:Shell
------------------------------------------------------------
------------------------------------------------------------
8：HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
9：HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
rfw……E:\Program Files\rising\Rfw\Rfw.exe
NeroCheck……E:\WINDOWS\system32\NeroCheck.exe
RavTask……"E:\Program Files\Rising\Rav\RavTask.exe" -system
------------------------------------------------------------
10：HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
------------------------------------------------------------
11：HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
12：HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
------------------------------------------------------------
------------------------------------------------------------
13：HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
------------------------------------------------------------
------------------------------------------------------------
14：HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
15：HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon 键值名称:Shell
------------------------------------------------------------
Shell……Explorer.exe
------------------------------------------------------------
16：HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon 键值名称:Userinit
------------------------------------------------------------
Userinit……userinit.exe,
------------------------------------------------------------
17：HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows 键值名称:AppInit_DLLs
------------------------------------------------------------
AppInit_DLLs……

*****************************************************************
File association information
*****************************************************************
------------------------------------------------------------
0：HKEY_CLASSES_ROOT\.exe
------------------------------------------------------------
<DEFAULT> = exefile, 正常！
------------------------------------------------------------
1：HKEY_CLASSES_ROOT\exefile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常！
------------------------------------------------------------
2：HKEY_CLASSES_ROOT\exefile\shell\runas\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常！
------------------------------------------------------------
3：HKEY_CLASSES_ROOT\.txt
------------------------------------------------------------
<DEFAULT> = txtfile, 正常！
------------------------------------------------------------
4：HKEY_CLASSES_ROOT\txtfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = E:\WINDOWS\NOTEPAD.EXE %1, 不正常！正常值：%SystemRoot%\system32\NOTEPAD.EXE %1。请使用RegFix修复关联！软件可以到 http://www.KZTechs.com 下载。
------------------------------------------------------------
5：HKEY_CLASSES_ROOT\.reg
------------------------------------------------------------
<DEFAULT> = regfile, 正常！
------------------------------------------------------------
6：HKEY_CLASSES_ROOT\regfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = regedit.exe "%1", 正常！
------------------------------------------------------------
7：HKEY_CLASSES_ROOT\.bat
------------------------------------------------------------
<DEFAULT> = batfile, 正常！
------------------------------------------------------------
8：HKEY_CLASSES_ROOT\batfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常！
------------------------------------------------------------
9：HKEY_CLASSES_ROOT\.com
------------------------------------------------------------
<DEFAULT> = comfile, 正常！
------------------------------------------------------------
10：HKEY_CLASSES_ROOT\comfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常！
------------------------------------------------------------
11：HKEY_CLASSES_ROOT\.scr
------------------------------------------------------------
<DEFAULT> = scrfile, 正常！
------------------------------------------------------------
12：HKEY_CLASSES_ROOT\scrfile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" /S, 正常！
------------------------------------------------------------
13：HKEY_CLASSES_ROOT\.pif
------------------------------------------------------------
<DEFAULT> = piffile, 正常！
------------------------------------------------------------
14：HKEY_CLASSES_ROOT\piffile\shell\open\command
------------------------------------------------------------
<DEFAULT> = "%1" %*, 正常！

瑞星卡卡安全论坛