我的电脑又中毒了，请大家帮忙！ bbs.ikaka.com

艾微儿 - 2006-11-12 16:51:00

这个是刚扫描的日志：

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 16:39:18, 日期 2006-11-12
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\internat.exe
C:\Program Files\VnetClient1.6\VnetClient.exe
E:\Program Files\Maxthon\Max.exe
E:\Software\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\VNETCL~1.6\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: 珊瑚虫超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] E:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /FIRST
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [PDF Converter Registry Controller] "E:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - 启动项HKLM\\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - 启动项HKLM\\Run: [EPSON ME 1] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P10 "EPSON ME 1" /O6 "USB001" /M "ME 1"
O4 - 启动项HKLM\\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - 启动项HKLM\\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - 启动项HKLM\\Run: [uewkoz67] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\uewkoz67.dll,DllCanUnloadNow
O4 - 启动项HKCU\\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: 添加到新浪点点通阅读器 - res://E:\Program Files\Sina\RssReader\rssreader.exe/RSSFEED.js
O8 - IE右键菜单中的新增项目: Open PDF in Word - res://E:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - E:\PROGRA~1\KUGOO\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 珊瑚虫超级搜索 - C:\PROGRA~1\yok\yoksch.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4768EDBF-04A3-4F25-BF88-D60C6AFC96EE} (WebTreeView.WebTree) - http://www.cmr.com.cn/specls/cls/010201ZK002B/left/WebTreeView.CAB
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {60B33001-5F10-4A94-A7E4-77A3D8F5C78E} (OnAirClient Control) - http://ionair.sbs.co.kr/onair/OnAirClient.cab
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (TMofileUploadX Control) - http://bootes.mofile.com/upload/UploadFX.CAB
O16 - DPF: {742FCBC2-1DA1-40C9-B8CE-7AE456142AD9} (Alterpackage Control) - http://www.cmr.com.cn/rdcenter/newweb/alter.cab
O16 - DPF: {8CC55BB0-E742-4206-8DC9-EEF6A690B73E} (Kincent Q.Audio Control Class) - http://v1a.beiwaionline.com/bw/qaudiobeiwai.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} (clienttime.client) - http://www.time.ac.cn/times/client.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cmr.china-webex.com/client/T20L10N/training/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{326469D7-63B7-4E8C-A1D8-60C7ADEE9927}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F12D459-B8AC-41B8-83E7-4718A627FE0E}: NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{326469D7-63B7-4E8C-A1D8-60C7ADEE9927}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{326469D7-63B7-4E8C-A1D8-60C7ADEE9927}: NameServer = 192.168.0.1
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: Peanut Hull Client Service - Vavic Network Technology Inc. - E:\Program Files\PeanutHull\PHSvc.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe

艾微儿 - 2006-11-12 16:56:00

O4 - 启动项HKLM\\Run: [uewkoz67] C:\WINNT\system32\rundll32.exe

启动项中，我觉这项有问题，但我用HijackThis_zwww修复重启后还是一样。在安全模式中修复也是一样。请问我要怎么杀这个病毒才好？？

高歌猛进 - 2006-11-12 17:04:00

用HJ修复后,进硬盘将这个文件删除

艾微儿 - 2006-11-12 17:05:00

引用:

【高歌猛进的贴子】用HJ修复后,进硬盘将这个文件删除
………………

谢谢这位朋友。
这个试过，但杀不了。。
说什么源程序正在运用。。

红夜鬼1 - 2006-11-12 17:10:00

请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

高歌猛进 - 2006-11-12 17:13:00

修复后删除:
C:\WINNT\system32\uewkoz67.dll

高歌猛进 - 2006-11-12 17:14:00

修复后删除:
C:\WINNT\system32\uewkoz67.dll

6981313 - 2006-11-12 17:21:00

引用:

【艾微儿的贴子】O4 - 启动项HKLM\\Run: [uewkoz67] C:\WINNT\system32\rundll32.exe

启动项中，我觉这项有问题，但我用HijackThis_zwww修复重启后还是一样。在安全模式中修复也是一样。请问我要怎么杀这个病毒才好？？
………………

这个没问题吧!

艾微儿 - 2006-11-12 18:24:00

引用:

【红夜鬼1的贴子】请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

………………

下载了这个工具后却扫描失败。。晕。。

水树雨下 - 2006-11-12 18:27:00

怎么失败？无法运行的话把后缀改成.com运行

红夜鬼1 - 2006-11-12 18:28:00

把SREng2.EXE改为SREng2.COM

艾微儿 - 2006-11-12 18:34:00

引用:

【水树雨下的贴子】怎么失败？无法运行的话把后缀改成.com运行
………………

产生错误，被windows关闭，改了后缀还是一样。。
怎么办？

艾微儿 - 2006-11-12 18:39:00

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CnsMinRun a DLL as an AppMicrosoft Corporationc:\winnt\system32\rundll32.exe

+ Configuration LoaderFile not found: ;

+ DAEMON Tools-2052Virtual DAEMON ManagerDAEMON'S HOMEc:\program files\d-tools\daemon.exe

+ EPSON ME 1EPSON Status Monitor 3SEIKO EPSON CORPORATIONc:\winnt\system32\spool\drivers\w32x86\3\e_s4i3w1.exe

+ helper.dllRun a DLL as an AppMicrosoft Corporationc:\winnt\system32\rundll32.exe

+ InCDc:\program files\ahead\incd\incd.exe

+ KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe

+ Microsoft UpdateFile not found: ;

+ Microsoft UpdaterFile not found: ;

+ NeroCheckNeroCheckAhead Software Gmbhc:\winnt\system32\nerocheck.exe

+ PDF Converter Registry ControllerPDF Converter Registry ControllerScanSoft, Inc.e:\program files\scansoft\pdf converter\registrycontroller.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ StormCodec_Helpere:\program files\ringz studio\storm codec\stormset.exe

+ Super Rabbit SRRestoreFile not found: E:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

+ yok.exeyok.exeYOK.Comc:\program files\yok\yok.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Internat.exeKeyboard Language Indicator AppletMicrosoft Corporationc:\winnt\system32\internat.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ Class Install HandlerOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ deflateOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gzipOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ lzdhtmlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ text/webviewhtmlWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ aboutMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ cdlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ fileOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ftpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gopherOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpsOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ javascriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ localOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ mailtoMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ mhtmlMicrosoft Internet Messaging APIMicrosoft Corporationc:\winnt\system32\inetcomm.dll

+ mkOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ms-itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ resMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ sysimageMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vbscriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vnd.ms.radioWindows Media Player 2 ActiveX ControlMicrosoft Corporationc:\winnt\system32\msdxm.ocx

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0File not found: http://img.sbs.co.kr/newimg/tv2004/etc/image_up/04mygir0125_1024.jpg

+ 1File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 5Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ CRLUpdateUPDCRLMicrosoft Corporationc:\winnt\system32\updcrl.exe

+ EnableRevocationMicrosoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\winnt\system32\ie4uinit.exe

+ Internet Explorer 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ Outlook Express 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\winnt\inf\unregmp2.exe

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ 自定义浏览器Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\winnt\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ Network.ConnectionTrayNetwork Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\winnt\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Kingsoft DubaFile not found: C:\KAV6\KAVEXT.DLL

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

艾微儿 - 2006-11-12 18:40:00

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Fax Tiff Data Column ProviderFax Tiff Data Column ProviderMicrosoft Corporationc:\winnt\system32\faxshell.dll

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.e:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

+ ShAVColumnProvider classDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ Version Column ProviderDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ bho Class万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ PrjZKBaiduBHO.ZKBaiduBHOzcomc:\winnt\system32\zkbaidubho.dll

+ VnetCookie ClassVnetTransfer Modulec:\program files\vnetclient1.6\vnettransfer.dll

+ 珊瑚虫超级搜索toolbar.dllYOK.Comc:\program files\yok\toolbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbar.dlltoolbar.dllYOK.Comc:\program files\yok\toolbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ msdxm.ocxWindows Media Player 2 ActiveX ControlMicrosoft Corporationc:\winnt\system32\msdxm.ocx

+ 珊瑚虫超级搜索toolbar.dllYOK.Comc:\program files\yok\toolbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe

+ 腾讯QQQQTENCENTe:\program files\tencent\qq\qq.exe

+ 易趣购物File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=1

Task Scheduler

+ DDD_Install_Program.jobFile not found: C:\DOCUME~1\JOAN~1.JOA\LOCALS~1\Temp\miniddd.exe

HKLM\System\CurrentControlSet\Services

+ Dhcp通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。Microsoft Corporationc:\winnt\system32\services.exe

+ dmserver逻辑磁盘管理器监视狗服务Microsoft Corporationc:\winnt\system32\services.exe

+ Dnscache解析和缓冲域名系统 (DNS) 名称。Microsoft Corporationc:\winnt\system32\services.exe

+ Eventlog记录程序和 Windows 发送的事件消息。事件日志包含对诊断问题有所帮助的信息。您可以在“事件查看器”中查看报告。Microsoft Corporationc:\winnt\system32\services.exe

+ HidServHID Audio ServiceMicrosoft Corporationc:\winnt\system32\hidserv.exe

+ kavsvcKaspersky Anti-Virus ServiceKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe

+ lanmanworkstation提供网络链结和通讯。Microsoft Corporationc:\winnt\system32\services.exe

+ LmHosts允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。Microsoft Corporationc:\winnt\system32\services.exe

+ NtmsSvc管理可移动媒体、驱动程序和库。Microsoft Corporationc:\winnt\system32\svchost.exe

+ PlugPlay管理设备安装以及配置，并且通知程序关于设备更改的情况。Microsoft Corporationc:\winnt\system32\services.exe

+ PolicyAgent管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。Microsoft Corporationc:\winnt\system32\lsass.exe

+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。Microsoft Corporationc:\winnt\system32\services.exe

+ RemoteRegistry允许远程注册表操作。Microsoft Corporationc:\winnt\system32\regsvc.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\winnt\system32\svchost.exe

+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\winnt\system32\lsass.exe

+ Schedule允许程序在指定时间运行。Microsoft Corporationc:\winnt\system32\mstask.exe

+ seclogon在不同凭据下启用启动过程Microsoft Corporationc:\winnt\system32\services.exe

+ SENS跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\winnt\system32\svchost.exe

+ SharedAccess为通过拨号网络连接的家庭网络中所有计算机提供网络地址转换、定址以及名称解析服务。Microsoft Corporationc:\winnt\system32\svchost.exe

+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\winnt\system32\spoolsv.exe

+ stisvcStill Image Devices MonitorMicrosoft Corporationc:\winnt\system32\stisvc.exe

+ TrkWks当文件在网络域的 NTFS 卷中移动时发送通知。Microsoft Corporationc:\winnt\system32\services.exe

+ WinMgmt提供系统管理信息。Microsoft Corporationc:\winnt\system32\wbem\winmgmt.exe

+ wuauserv从 Windows Update 启用重要的 Windows 更新的下载和安装。如果禁用该服务，操作系统可以在 Windows Update Web 网站手动更新。Microsoft Corporationc:\winnt\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPIACPI Driver for NTMicrosoft Corporationc:\winnt\system32\drivers\acpi.sys

+ actserActser filter driver for Windows 2000/XPSiemens AGc:\winnt\system32\drivers\actser.sys

+ actvcommActVComm driverSiemens AGc:\winnt\system32\drivers\actvcomm.sys

+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\winnt\system32\drivers\afd.sys

+ AppleTalkAppleTalk ProtocolMicrosoft Corporationc:\winnt\system32\drivers\sfmatalk.sys

+ AsyncMacRAS Asynchronous Media DriverMicrosoft Corporationc:\winnt\system32\drivers\asyncmac.sys

+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\winnt\system32\drivers\atapi.sys

+ AtmarpcATM ARP Client ProtocolMicrosoft Corporationc:\winnt\system32\drivers\atmarpc.sys

+ audstubAudStub DriverMicrosoft Corporationc:\winnt\system32\drivers\audstub.sys

+ baagdy14File not found: system32\drivers\baagdy14.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\winnt\system32\drivers\basetdi.sys

+ C-DillaFile not found: C:\WINNT\System32\drivers\CDANT.SYS

+ ccdecodeWDM Closed Caption VBI CodecMicrosoft Corporationc:\winnt\system32\drivers\ccdecode.sys

+ CdaC15BAMacrovision SECURITY DriverMacrovision Europe Ltdc:\winnt\system32\drivers\cdac15ba.sys

+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\winnt\system32\drivers\cdrom.sys

+ d347busPnP BIOS Extension c:\winnt\system32\drivers\d347bus.sys

+ d347prtSCSI miniport c:\winnt\system32\drivers\d347prt.sys

+ DiskPnP Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\disk.sys

+ DlcDLC ProtocolMicrosoft Corporationc:\winnt\system32\drivers\dlc.sys

+ dmioNT Disk Manager I/O DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmload.sys

+ DMusicMicrosoft DirectMusic Software Synthesizer (WDM)Microsoft Corporationc:\winnt\system32\drivers\dmusic.sys

+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\fdc.sys

+ ferdrc:\winnt\system32\drivers\ferdr.sys

+ FETNDISNDIS 5.0 miniport driverVIA Technologies, Inc. c:\winnt\system32\drivers\fetnd5b.sys

+ FETNDISBNDIS 5.0 miniport driverVIA Technologies, Inc. c:\winnt\system32\drivers\fetnd5b.sys

+ FlpydiskFloppy DriverMicrosoft Corporationc:\winnt\system32\drivers\flpydisk.sys

+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\winnt\system32\drivers\fsvga.sys

+ FtdiskFT Disk DriverMicrosoft Corporationc:\winnt\system32\drivers\ftdisk.sys

+ girntolpNetwork DriverMicrosoft Corporationc:\winnt\system32\drivers\girntolp.sys

+ GMSIPCIFile not found: G:\INSTALL\GMSIPCI.SYS

+ GNetPPPoEIntermediate Miniport Driver For PPP over Ethernet ProtocolGuangdong Data Communications Network Co.Ltd.c:\winnt\system32\drivers\pppoe.sys

+ GpcGeneric Packet ClassifierMicrosoft Corporationc:\winnt\system32\drivers\msgpc.sys

+ HidUsbUSB Miniport Driver for Input DevicesMicrosoft Corporationc:\winnt\system32\drivers\hidusb.sys

+ HOOKAPIFile not found: C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ i8042prti8042 Port DriverMicrosoft Corporationc:\winnt\system32\drivers\i8042prt.sys

+ ids0004CFile not found: C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys

+ IpFilterDriverIP Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\ipfltdrv.sys

+ IpInIpIP in IP Tunnel DriverMicrosoft Corporationc:\winnt\system32\drivers\ipinip.sys

+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\winnt\system32\drivers\ipnat.sys

+ IPSECIPSEC driverMicrosoft Corporationc:\winnt\system32\drivers\ipsec.sys

+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\irenum.sys

+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\isapnp.sys

+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\winnt\system32\drivers\kbdclass.sys

+ kbdhidHID Mouse Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\kbdhid.sys

+ Kl1Kaspersky Anti-Hacker Only DriverKaspersky Labc:\winnt\system32\drivers\kl1.sys

+ Klifspuper-ptorKaspersky Labsc:\winnt\system32\drivers\klif.sys

+ KlmcKaspersky Anti-Virus Mail Checker ProxyKaspersky Labc:\winnt\system32\drivers\klmc.sys

+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\winnt\system32\drivers\kmixer.sys

+ kmsinputc:\winnt\system32\drivers\kmsinput.sys

+ MouclassMouse Class DriverMicrosoft Corporationc:\winnt\system32\drivers\mouclass.sys

+ MPEMicrosoft MPE to IP FilterMicrosoft Corporationc:\winnt\system32\drivers\mpe.sys

+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ MSKSSRVMS KS ServerMicrosoft Corporationc:\winnt\system32\drivers\mskssrv.sys

+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\winnt\system32\drivers\mspclock.sys

+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\winnt\system32\drivers\mspqm.sys

+ MSTEEWDM Tee/Communication Transform Filter Microsoft Corporationc:\winnt\system32\drivers\mstee.sys

+ NABTSFECWDM NABTS/FEC VBI CodecMicrosoft Corporationc:\winnt\system32\drivers\nabtsfec.sys

+ NdisTapiRemote Access NDIS TAPI DriverMicrosoft Corporationc:\winnt\system32\drivers\ndistapi.sys

+ NdisuioNDIS 用户模式 I/O 协议Microsoft Corporationc:\winnt\system32\drivers\ndisuio.sys

+ NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\winnt\system32\drivers\ndiswan.sys

+ NetBTNetBios over TcpipMicrosoft Corporationc:\winnt\system32\drivers\netbt.sys

+ NetDetectNetwork Card Detection driverMicrosoft Corporationc:\winnt\system32\drivers\netdtect.sys

+ New0c:\winnt\system32\new.sys

艾微儿 - 2006-11-12 18:42:00

+ nmNetmon NT DriverMicrosoft Corporationc:\winnt\system32\drivers\nmnt.sys

+ NPFNPF Driver - TME extensionsPolitecnico di Torinoc:\winnt\system32\drivers\npf.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.e:\program files\tencent\qq\npkcrypt.sys

+ NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkflt.sys

+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkfwd.sys

+ OVT511PlusStream Class Mini DriverOmniVision Technologies, Inc.c:\winnt\system32\drivers\omcamvid.sys

+ ParallelParallel Printer DriverMicrosoft Corporationc:\winnt\system32\drivers\parallel.sys

+ ParportParallel Port DriverMicrosoft Corporationc:\winnt\system32\drivers\parport.sys

+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\pci.sys

+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\pciide.sys

+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\winnt\system32\drivers\raspptp.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys

+ puojlubdNetwork DriverMicrosoft Corporationc:\winnt\system32\drivers\puojlubd.sys

+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\winnt\system32\drivers\rasacd.sys

+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\winnt\system32\drivers\rasl2tp.sys

+ RasptiDirect ParallelMicrosoft Corporationc:\winnt\system32\drivers\raspti.sys

+ RCARCA filterMicrosoft Corporationc:\winnt\system32\drivers\rca.sys

+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\redbook.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ S3PsddrS3 ProSavage(DDR) & Twister Miniport DriverS3 Graphics, Inc.c:\winnt\system32\drivers\s3gnbm.sys

+ SecDrvMacrovision SECURITY DriverMacrovision Europe Ltdc:\winnt\system32\drivers\secdrv.sys

+ serenumSerial Port EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\serenum.sys

+ SerialSerial Device DriverMicrosoft Corporationc:\winnt\system32\drivers\serial.sys

+ siusbmodFile not found: system32\DRIVERS\siusbmod.sys

+ SLIPMicrosoft Slip Deframing Filter MinidriverMicrosoft Corporationc:\winnt\system32\drivers\slip.sys

+ SPAInfoDrvFile not found: E:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys

+ streamipMicrosoft IP DriverMicrosoft Corporationc:\winnt\system32\drivers\streamip.sys

+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\swenum.sys

+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\winnt\system32\drivers\swmidi.sys

+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\winnt\system32\drivers\sysaudio.sys

+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\winnt\system32\drivers\tcpip.sys

+ TSPspuper-ptorKaspersky Labsc:\winnt\system32\drivers\klif.sys

+ uewkoz67c:\winnt\system32\drivers\uewkoz67.sys

+ uhcdUniversal Host Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\uhcd.sys

+ UpdateUpdate DriverMicrosoft Corporationc:\winnt\system32\drivers\update.sys

+ usbehciEHCI eUSB Miniport DriverMicrosoft Corporationc:\winnt\system32\drivers\usbehci.sys

+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\winnt\system32\drivers\usbhub.sys

+ usbhub20Default Hub Driver for USB 2.0Microsoft Corporationc:\winnt\system32\drivers\usbhub20.sys

+ usbprintUSB Printer driverMicrosoft Corporationc:\winnt\system32\drivers\usbprint.sys

+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\winnt\system32\drivers\usbstor.sys

+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\winnt\system32\drivers\vga.sys

+ viaagpVIA NT AGP FilterMicrosoft Corporationc:\winnt\system32\drivers\viaagp.sys

+ viaagp1VIA NT AGP FilterVIA Technologies, Inc.c:\winnt\system32\drivers\viaagp1.sys

+ viafilterVIA USB Filter DriverVIA Technologies, Inc.c:\winnt\system32\drivers\viausb.sys

+ viaideVIA PCI IDE Bus DriverVIA Technologies, Inc.c:\winnt\system32\drivers\viaide.sys

+ VIAudioVIA AC'97 Enhanced Audio WDM Driver VIA Technologies, Inc.c:\winnt\system32\drivers\viaudios.sys

+ Vspc:\winnt\system32\drivers\vsp.sys

+ vulfnthsVIA USB Host Controller Lower Filter DriverVIA Technologies, Inc.c:\winnt\system32\drivers\vulfnth.sys

+ vulfntrsVIA USB Roothub Lower Filter DriverVIA Technologies, Inc.c:\winnt\system32\drivers\vulfntr.sys

+ WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\winnt\system32\drivers\wanarp.sys

+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\winnt\system32\drivers\wdmaud.sys

+ wkpgljefFile not found: C:\WINNT\system32\drivers\wkpgljef.sys

+ WSTCODECWDM WST Codec DriverMicrosoft Corporationc:\winnt\system32\drivers\wstcodec.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\winnt\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\winnt\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\winnt\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\winnt\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\winnt\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\winnt\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\winnt\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\winnt\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\winnt\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\winnt\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\winnt\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\winnt\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\winnt\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ user32Windows 2000 USER API Client DLLMicrosoft Corporationc:\winnt\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\winnt\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\winnt\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\winnt\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chainCrypto API32Microsoft Corporationc:\winnt\system32\crypt32.dll

+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\winnt\system32\cryptnet.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\winnt\system32\cscdll.dll

+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\winnt\system32\sclgntfy.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\winnt\system32\wlnotify.dll

+ wzcnotifWireless Zero Configuration Service UIMicrosoft Corporationc:\winnt\system32\wzcdlg.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINNT\EARTHV~1.SCRc:\winnt\earthview.scr

艾微儿 - 2006-11-12 18:42:00

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD AppleTalk [ADSP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [ADSP] [Pseudo Stream]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [PAP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [RTMP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD AppleTalk [ZIP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{326469D7-63B7-4E8C-A1D8-60C7ADEE9927}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{326469D7-63B7-4E8C-A1D8-60C7ADEE9927}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F12D459-B8AC-41B8-83E7-4718A627FE0E}] DATAGRAM 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F12D459-B8AC-41B8-83E7-4718A627FE0E}] SEQPACKET 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{63222388-6E63-4707-A9EF-D88DCEA84871}] DATAGRAM 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{63222388-6E63-4707-A9EF-D88DCEA84871}] SEQPACKET 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{841BA836-4863-4136-ADD0-825520C30A0D}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{841BA836-4863-4136-ADD0-825520C30A0D}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B510BCAE-CECA-4679-A6F1-16373804DC49}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B510BCAE-CECA-4679-A6F1-16373804DC49}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB38CC98-0C53-4C05-97E1-F84D14EDE421}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB38CC98-0C53-4C05-97E1-F84D14EDE421}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ AppleTalk 打印服务AppleTalk Print MonitorMicrosoft Corporationc:\winnt\system32\sfmmon.dll

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\winnt\system32\cnbjmon.dll

+ EPSON V6 Monitor4SAEPSON Bi-directional MonitorSEIKO EPSON CORPORATIONc:\winnt\system32\ebpmon24.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

+ scecliWindows Security Configuration Editor Client EngineMicrosoft Corporationc:\winnt\system32\scecli.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

+ kerberosKerberos Security PackageMicrosoft Corporationc:\winnt\system32\kerberos.dll

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll

+ schannelTLS / SSL Security ProviderMicrosoft Corporationc:\winnt\system32\schannel.dll

瑞星卡卡安全论坛