本报告由QQ医生提供 http://im.qq.com/doctor/ 诊断时间: 2009-04-04 15:51:26 操作系统: Windows XP Service Pack 3 QQ医生版本: QQDoctor.exe 2, 1, 14, 201 DrUpdate.exe 2009, 3, 23, 11 TSELoder.DAT 2008, 1, 28, 13 TSEngine.DAT 2008, 4, 7, 25 TSEPB.DAT 2009, 3, 5, 35 TSFSEngine.DAT 2009, 3, 11, 7 TSFileFilter.DAT 2007, 12, 5, 01 TSKsp.sys 2009, 3, 16, 10 TSKSPLIB.dat 2009, 3, 16, 10 TSVulMon.DAT 2009, 3, 16, 10 TSVulChk.dat 2009, 3, 23, 11 ====================进程项==================== C:\WINDOWS\System32\alg.exe (Microsoft Corporation, 43.5 KB, 5.1.2600.5512 (xpsp.080413-0852)) f031c127d798e1549861317064066287 C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc., 352.0 KB, 6.14.10.4114) 6633cbf0d658440f0962d90e5bd20dde C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc., 352.0 KB, 6.14.10.4114) 6633cbf0d658440f0962d90e5bd20dde \??\C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, 6.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) fea5c15e63790770b1e8216a7d64d90d C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, 15.0 KB, 5.1.2600.5512 (xpsp.080413-2105)) 9339a79fa7d415dc39cf021880af7992 C:\WINDOWS\Explorer.EXE (Microsoft Corporation, 955.5 KB, 6.00.2900.5512 (xpsp.080413-2105)) 9eb867933136ad37eaf7f2ecb97e3a4d C:\WINDOWS\Explorer.EXE [Microsoft Corporation] C:\WINDOWS\system32\ntdll.dll [Microsoft Corporation] C:\WINDOWS\system32\kernel32.dll [Microsoft Corporation] C:\WINDOWS\system32\ADVAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\RPCRT4.dll [Microsoft Corporation] C:\WINDOWS\system32\Secur32.dll [Microsoft Corporation] C:\WINDOWS\system32\BROWSEUI.dll [Microsoft Corporation] C:\WINDOWS\system32\GDI32.dll [Microsoft Corporation] C:\WINDOWS\system32\USER32.dll [Microsoft Corporation] C:\WINDOWS\system32\msvcrt.dll [Microsoft Corporation] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHLWAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\OLEAUT32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHDOCVW.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPT32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSASN1.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPTUI.dll [Microsoft Corporation] C:\WINDOWS\system32\NETAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\VERSION.dll [Microsoft Corporation] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation] C:\WINDOWS\system32\WINTRUST.dll [Microsoft Corporation] C:\WINDOWS\system32\IMAGEHLP.dll [Microsoft Corporation] C:\WINDOWS\system32\WLDAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation] C:\WINDOWS\system32\ShimEng.dll [Microsoft Corporation] C:\WINDOWS\AppPatch\AcGenral.DLL [Microsoft Corporation] C:\WINDOWS\system32\WINMM.dll [Microsoft Corporation] C:\WINDOWS\system32\MSACM32.dll [Microsoft Corporation] C:\WINDOWS\system32\USERENV.dll [Microsoft Corporation] C:\WINDOWS\system32\IMM32.DLL [Microsoft Corporation] C:\WINDOWS\system32\LPK.DLL [Microsoft Corporation] C:\WINDOWS\system32\USP10.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [Microsoft Corporation] C:\WINDOWS\system32\comctl32.dll [Microsoft Corporation] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation] C:\WINDOWS\system32\msctfime.ime [Microsoft Corporation] C:\WINDOWS\system32\appHelp.dll [Microsoft Corporation] C:\WINDOWS\system32\CLBCATQ.DLL [Microsoft Corporation] C:\WINDOWS\system32\COMRes.dll [Microsoft Corporation] C:\WINDOWS\System32\cscui.dll [Microsoft Corporation] C:\WINDOWS\System32\CSCDLL.dll [Microsoft Corporation] C:\WINDOWS\system32\themeui.dll [Microsoft Corporation] C:\WINDOWS\system32\MSIMG32.dll [Microsoft Corporation] C:\WINDOWS\system32\xpsp2res.dll [Microsoft Corporation] C:\WINDOWS\system32\actxprxy.dll [Microsoft Corporation] C:\WINDOWS\system32\msutb.dll [Microsoft Corporation] C:\WINDOWS\system32\MSCTF.dll [Microsoft Corporation] C:\WINDOWS\system32\SAMLIB.dll [Microsoft Corporation] C:\WINDOWS\system32\ntshrui.dll [Microsoft Corporation] C:\WINDOWS\system32\ATL.DLL [Microsoft Corporation] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\msi.dll [Microsoft Corporation] C:\WINDOWS\system32\LINKINFO.dll [Microsoft Corporation] C:\WINDOWS\system32\NETSHELL.dll [Microsoft Corporation] C:\WINDOWS\system32\credui.dll [Microsoft Corporation] C:\WINDOWS\system32\dot3api.dll [Microsoft Corporation] C:\WINDOWS\system32\rtutils.dll [Microsoft Corporation] C:\WINDOWS\system32\dot3dlg.dll [Microsoft Corporation] C:\WINDOWS\system32\OneX.DLL [Microsoft Corporation] C:\WINDOWS\system32\WTSAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\WINSTA.dll [Microsoft Corporation] C:\WINDOWS\system32\eappcfg.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVCP60.dll [Microsoft Corporation] C:\WINDOWS\system32\eappprxy.dll [Microsoft Corporation] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2_32.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2HELP.dll [Microsoft Corporation] C:\WINDOWS\system32\webcheck.dll [Microsoft Corporation] C:\WINDOWS\system32\WSOCK32.dll [Microsoft Corporation] C:\WINDOWS\system32\stobject.dll [Microsoft Corporation] C:\WINDOWS\system32\BatMeter.dll [Microsoft Corporation] C:\WINDOWS\system32\POWRPROF.dll [Microsoft Corporation] C:\WINDOWS\system32\wdmaud.drv [Microsoft Corporation] C:\WINDOWS\system32\msacm32.drv [Microsoft Corporation] C:\WINDOWS\system32\midimap.dll [Microsoft Corporation] C:\WINDOWS\system32\zipfldr.dll [Microsoft Corporation] C:\Program Files\WinRAR\rarext.dll [] C:\WINDOWS\system32\NTMARTA.DLL [Microsoft Corporation] C:\WINDOWS\system32\MPR.dll [Microsoft Corporation] C:\WINDOWS\System32\drprov.dll [Microsoft Corporation] C:\WINDOWS\System32\ntlanman.dll [Microsoft Corporation] C:\WINDOWS\System32\NETUI0.dll [Microsoft Corporation] C:\WINDOWS\System32\NETUI1.dll [Microsoft Corporation] C:\WINDOWS\System32\NETRAP.dll [Microsoft Corporation] C:\WINDOWS\System32\davclnt.dll [Microsoft Corporation] C:\WINDOWS\system32\RASDLG.dll [Microsoft Corporation] C:\WINDOWS\system32\MPRAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\ACTIVEDS.dll [Microsoft Corporation] C:\WINDOWS\system32\adsldpc.dll [Microsoft Corporation] C:\WINDOWS\system32\RASAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\rasman.dll [Microsoft Corporation] C:\WINDOWS\system32\TAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\WZCSAPI.DLL [Microsoft Corporation] C:\WINDOWS\system32\msv1_0.dll [Microsoft Corporation] C:\WINDOWS\system32\rsaenh.dll [Microsoft Corporation] C:\WINDOWS\system32\SXS.DLL [Microsoft Corporation] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation] C:\WINDOWS\system32\MSGINA.dll [Microsoft Corporation] C:\WINDOWS\system32\ODBC32.dll [Microsoft Corporation] C:\WINDOWS\system32\comdlg32.dll [Microsoft Corporation] C:\WINDOWS\system32\odbcint.dll [Microsoft Corporation] C:\WINDOWS\system32\DUSER.dll [Microsoft Corporation] C:\WINDOWS\system32\MLANG.dll [Microsoft Corporation] C:\WINDOWS\system32\mydocs.dll [Microsoft Corporation] D:\酷我音乐盒\KWMUSIC\kwmv.exe (, 304.0 KB, ) 6760465fc3c7ce4f0dbe9bebf6a031c3 C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, 13.0 KB, 5.1.2600.5512 (xpsp.080413-2113)) bc16a35900d8abdbce0d87e9fcf21f65 C:\WINDOWS\system32\ntdll.dll [Microsoft Corporation] C:\WINDOWS\system32\kernel32.dll [Microsoft Corporation] C:\WINDOWS\system32\COMCTL32.dll [Microsoft Corporation] C:\WINDOWS\system32\ADVAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\RPCRT4.dll [Microsoft Corporation] C:\WINDOWS\system32\Secur32.dll [Microsoft Corporation] C:\WINDOWS\system32\GDI32.dll [Microsoft Corporation] C:\WINDOWS\system32\USER32.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2_32.dll [Microsoft Corporation] C:\WINDOWS\system32\msvcrt.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2HELP.dll [Microsoft Corporation] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPT32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSASN1.dll [Microsoft Corporation] C:\WINDOWS\system32\OLEAUT32.dll [Microsoft Corporation] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHLWAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\VERSION.dll [Microsoft Corporation] C:\WINDOWS\system32\PSAPI.DLL [Microsoft Corporation] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation] C:\WINDOWS\system32\comdlg32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation] C:\WINDOWS\system32\WINTRUST.dll [Microsoft Corporation] C:\WINDOWS\system32\IMAGEHLP.dll [Microsoft Corporation] C:\WINDOWS\system32\IMM32.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll [Microsoft Corporation] C:\WINDOWS\system32\MSIMG32.dll [Microsoft Corporation] C:\WINDOWS\system32\USP10.dll [Microsoft Corporation] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation] C:\WINDOWS\system32\LPK.DLL [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [Microsoft Corporation] C:\WINDOWS\system32\Wtsapi32.dll [Microsoft Corporation] C:\WINDOWS\system32\WINSTA.dll [Microsoft Corporation] C:\WINDOWS\system32\NETAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation] C:\WINDOWS\system32\MSCTF.dll [Microsoft Corporation] C:\WINDOWS\system32\CLBCATQ.DLL [Microsoft Corporation] C:\WINDOWS\system32\COMRes.dll [Microsoft Corporation] C:\WINDOWS\system32\msxml3.dll [Microsoft Corporation] C:\WINDOWS\system32\WINMM.dll [Microsoft Corporation] C:\WINDOWS\system32\msctfime.ime [Microsoft Corporation] C:\WINDOWS\system32\mlang.dll [Microsoft Corporation] C:\WINDOWS\system32\MFC42.DLL [Microsoft Corporation] C:\WINDOWS\system32\MFC42LOC.DLL [Microsoft Corporation] C:\WINDOWS\system32\xpsp2res.dll [Microsoft Corporation] C:\WINDOWS\system32\msi.dll [Microsoft Corporation] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\AVICAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVFW32.dll [Microsoft Corporation] C:\WINDOWS\system32\WSOCK32.dll [Microsoft Corporation] C:\WINDOWS\system32\shdocvw.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPTUI.dll [Microsoft Corporation] C:\WINDOWS\system32\WLDAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\mscms.dll [Microsoft Corporation] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation] C:\WINDOWS\system32\wdmaud.drv [Microsoft Corporation] C:\WINDOWS\system32\msacm32.drv [Microsoft Corporation] C:\WINDOWS\system32\MSACM32.dll [Microsoft Corporation] C:\WINDOWS\system32\midimap.dll [Microsoft Corporation] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation] C:\WINDOWS\system32\mshtml.dll [Microsoft Corporation] C:\WINDOWS\system32\msls31.dll [Microsoft Corporation] C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\rasadhlp.dll [Microsoft Corporation] C:\WINDOWS\System32\winrnr.dll [Microsoft Corporation] C:\WINDOWS\system32\hnetcfg.dll [Microsoft Corporation] C:\WINDOWS\System32\wshtcpip.dll [Microsoft Corporation] C:\WINDOWS\system32\MSIMTF.dll [Microsoft Corporation] C:\WINDOWS\system32\jscript.dll [Microsoft Corporation] C:\WINDOWS\system32\apphelp.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation] C:\WINDOWS\system32\vbscript.dll [Microsoft Corporation] C:\WINDOWS\system32\devenum.dll [Microsoft Corporation] C:\WINDOWS\system32\msdmo.dll [Microsoft Corporation] C:\WINDOWS\system32\MPRAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\ACTIVEDS.dll [Microsoft Corporation] C:\WINDOWS\system32\adsldpc.dll [Microsoft Corporation] C:\WINDOWS\system32\ATL.DLL [Microsoft Corporation] C:\WINDOWS\system32\rtutils.dll [Microsoft Corporation] C:\WINDOWS\system32\SAMLIB.dll [Microsoft Corporation] C:\WINDOWS\system32\RASAPI32.DLL [Microsoft Corporation] C:\WINDOWS\system32\rasman.dll [Microsoft Corporation] C:\WINDOWS\system32\TAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\msv1_0.dll [Microsoft Corporation] C:\WINDOWS\system32\schannel.dll [Microsoft Corporation] C:\WINDOWS\system32\USERENV.dll [Microsoft Corporation] C:\WINDOWS\system32\sensapi.dll [Microsoft Corporation] C:\WINDOWS\system32\SXS.DLL [Microsoft Corporation] C:\WINDOWS\system32\NETSHELL.dll [Microsoft Corporation] C:\WINDOWS\system32\credui.dll [Microsoft Corporation] C:\WINDOWS\system32\dot3api.dll [Microsoft Corporation] C:\WINDOWS\system32\dot3dlg.dll [Microsoft Corporation] C:\WINDOWS\system32\OneX.DLL [Microsoft Corporation] C:\WINDOWS\system32\eappcfg.dll [Microsoft Corporation] C:\WINDOWS\system32\eappprxy.dll [Microsoft Corporation] C:\WINDOWS\system32\LINKINFO.dll [Microsoft Corporation] C:\WINDOWS\system32\ntshrui.dll [Microsoft Corporation] D:\新建文件夹 (3)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd, 512.0 KB, 3, 0, 0, 57) efe66f26401022608f79065715e88e22 C:\WINDOWS\system32\services.exe (Microsoft Corporation, 106.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) 5edc33c1cfc364bc2e3ea66a75647914 \SystemRoot\System32\smss.exe (Microsoft Corporation, 49.5 KB, 5.1.2600.5512 (xpsp.080413-2111)) 6129c73d0a6402008f7695ddc7b683e2 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) e31fb4f13f5949b868c117714bb44375 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) e31fb4f13f5949b868c117714bb44375 C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) e31fb4f13f5949b868c117714bb44375 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) e31fb4f13f5949b868c117714bb44375 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.5512 (xpsp.080413-2111)) e31fb4f13f5949b868c117714bb44375 C:\WINDOWS\system32\UTSCSI.EXE (, 44.0 KB, 1, 0, 0, 2) 8afffda081cff3057391fedbbb483601 \??\C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, 481.5 KB, 5.1.2600.5512 (xpsp.080413-2113)) c10d631b1d60635545a05c5b3556c68d ====================启动项==================== AlternateShell [Microsoft Corporation] (cmd.exe) "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot" 83ba7e22bf529858a345f483d7e94c16 BootExecute [Microsoft Corporation] (autochk *) "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" 0d96293ea4bf2838ddaadc9bc52d9ef9 ctfmon.exe [Microsoft Corporation] (C:\WINDOWS\system32\ctfmon.exe) "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 9339a79fa7d415dc39cf021880af7992 IMJPMIG8.1 [Microsoft Corporation] ("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 7bbe4cf421aecc7f0226edd75f12079f PHIME2002A [Microsoft Corporation] (C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 024dc0f68df5fd6ae9dd82dfbaf479d6 PHIME2002ASync [Microsoft Corporation] (C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 024dc0f68df5fd6ae9dd82dfbaf479d6 Shell [Microsoft Corporation] (Explorer.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 9eb867933136ad37eaf7f2ecb97e3a4d UIHost [Microsoft Corporation] (logonui.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 585c5b365163cc8c4767987beea4866b Userinit [Microsoft Corporation] (C:\WINDOWS\system32\userinit.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 431fed77e71b1831cd485890159d467c ====================BHO==================== IEFXZ [] {6A49F431-2A2E-41a5-9080-0F41D1A3AEC2} "C:\Program Files\IEfxz\iefxz.dll" 启用 3ed4e3017f5ac86722e4b28dcc69e1f7 ====================IE右键菜单==================== 使用迅雷下载 [D:\Thunder Network\Program\GetUrl.htm] 使用迅雷下载全部链接 [D:\Thunder Network\Program\GetAllUrl.htm] 添加到QQ表情 [] ====================系统服务==================== Alerter [Microsoft Corporation] "C:\WINDOWS\system32\alrsvc.dll" 禁用 8f48dd0ecf585a5745df22d962d2fd47 ALG [Microsoft Corporation] "C:\WINDOWS\System32\alg.exe" 启用 f031c127d798e1549861317064066287 AppMgmt [Microsoft Corporation] "C:\WINDOWS\System32\appmgmts.dll" 禁用 28b700b7fdc38f343197798e0403c584 Ati HotKey Poller [ATI Technologies Inc.] "C:\WINDOWS\system32\Ati2evxx.exe" 启用 6633cbf0d658440f0962d90e5bd20dde ATI Smart [] "C:\WINDOWS\system32\ati2sgag.exe" 禁用 e08f67a80bf2fa7df80f99f1e771ef3e AudioSrv [Microsoft Corporation] "C:\WINDOWS\System32\audiosrv.dll" 启用 0c03a81067bfe60ab076fb866eeb7d44 BITS [Microsoft Corporation] "C:\WINDOWS\system32\qmgr.dll" 禁用 77136d334eebb32f38fddd74e6d20380 Browser [Microsoft Corporation] "C:\WINDOWS\System32\browser.dll" 禁用 b5030062dc5d227b063b65fef328e36f CiSvc [Microsoft Corporation] "C:\WINDOWS\system32\cisvc.exe" 禁用 7fb470ae06a28a8cb035593d820d9497 ClipSrv [Microsoft Corporation] "C:\WINDOWS\system32\clipsrv.exe" 禁用 1c8773b346a2e789f1729fc1c5ff4e6f COMSysApp [Microsoft Corporation] "C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" 禁用 eddfaaa9db2c1f6aa9631b621352ca83 CryptSvc [Microsoft Corporation] "C:\WINDOWS\System32\cryptsvc.dll" 启用 30f1c6eddba5d5b1da054b07d31843db DcomLaunch [Microsoft Corporation] "C:\WINDOWS\system32\rpcss.dll" 启用 b2432c9a8142d504542f7ea87eb75be4 Dhcp [Microsoft Corporation] "C:\WINDOWS\System32\dhcpcsvc.dll" 启用 1a93467e7bd9eaad9049488f3b45c0e8 dmadmin [Microsoft Corp., Veritas Software] "C:\WINDOWS\System32\dmadmin.exe /com" 禁用 65b12edacdcf3c7866615955cb3ab3ef dmserver [Microsoft Corp.] "C:\WINDOWS\System32\dmserver.dll" 启用 d22b022857d2c8618a92837648156752 Dnscache [Microsoft Corporation] "C:\WINDOWS\System32\dnsrslvr.dll" 启用 025abcb78f69dd458199745194fb53e2 Dot3svc [Microsoft Corporation] "C:\WINDOWS\System32\dot3svc.dll" 禁用 2977b1a2f8273f55ccd0158e1ed6578a EapHost [Microsoft Corporation] "C:\WINDOWS\System32\eapsvc.dll" 禁用 b347c2edeacc53a98beafe41835ae1a1 ERSvc [Microsoft Corporation] "C:\WINDOWS\System32\ersvc.dll" 启用 34bf0b68949d77e60cebcdbb35cfbe77 Eventlog [Microsoft Corporation] "C:\WINDOWS\system32\services.exe" 启用 5edc33c1cfc364bc2e3ea66a75647914 EventSystem [Microsoft Corporation] "C:\WINDOWS\system32\es.dll" 启用 de60a74e82358cedbe8c94151f134dc3 FastUserSwitchingCompatibility [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 禁用 5daa2d4ebd23f1458bdcf1804ac99c5a helpsvc [Microsoft Corporation] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" 启用 01f1dc4933a4607962a4d2341ef4f0f1 HidServ [] "C:\WINDOWS\System32\hidserv.dll" 禁用 hkmsvc [Microsoft Corporation] "C:\WINDOWS\System32\kmsvc.dll" 禁用 5c3907a0fcf9e3940ee6c6414fc47ae7 HTTPFilter [Microsoft Corporation] "C:\WINDOWS\System32\w3ssl.dll" 禁用 f73a83fea9ea0ea702f6b36203c8fa9f ImapiService [Microsoft Corporation] "C:\WINDOWS\system32\imapi.exe" 禁用 4dba71b5715badfbe82a628261c199b7 lanmanserver [Microsoft Corporation] "C:\WINDOWS\System32\srvsvc.dll" 启用 d62596b55a2b7e4df4fb4e396c7f8d96 lanmanworkstation [Microsoft Corporation] "C:\WINDOWS\System32\wkssvc.dll" 启用 7f47851da6ab84a2a11bfe55f983c134 LmHosts [Microsoft Corporation] "C:\WINDOWS\System32\lmhsvc.dll" 启用 b503b858d30afd561208aed67588a47d Messenger [Microsoft Corporation] "C:\WINDOWS\System32\msgsvc.dll" 禁用 6a0e18bc3e2b2f795b5f1b0bec181e7a mnmsrvc [Microsoft Corporation] "C:\WINDOWS\system32\mnmsrvc.exe" 禁用 f2ab0bc6bd8ef7b86cbe1e52b8c15924 MSDTC [Microsoft Corporation] "C:\WINDOWS\system32\msdtc.exe" 禁用 d9ff5f8b58d1e71933fbcf4dc6b3b492 MSIServer [Microsoft Corporation] "C:\WINDOWS\system32\msiexec.exe /V" 禁用 6c985ebcd34f92d666b365b28272195f napagent [Microsoft Corporation] "C:\WINDOWS\System32\qagentrt.dll" 禁用 ca624a432dfafd9d2765e56d4dc686c7 NetDDE [Microsoft Corporation] "C:\WINDOWS\system32\netdde.exe" 禁用 c98a4266674bf276d19069a8cc15bd87 NetDDEdsdm [Microsoft Corporation] "C:\WINDOWS\system32\netdde.exe" 禁用 c98a4266674bf276d19069a8cc15bd87 Netlogon [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 bc16a35900d8abdbce0d87e9fcf21f65 Netman [Microsoft Corporation] "C:\WINDOWS\System32\netman.dll" 启用 64d3d7fc996f063ff39b705dff9077ff Nla [Microsoft Corporation] "C:\WINDOWS\System32\mswsock.dll" 启用 426452ffcc8eadf2db276fcde1ef7aa3 NtLmSsp [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 bc16a35900d8abdbce0d87e9fcf21f65 NtmsSvc [Microsoft Corporation] "C:\WINDOWS\system32\ntmssvc.dll" 禁用 3fbf2f782879406528e71617757ec2dc PlugPlay [Microsoft Corporation] "C:\WINDOWS\system32\services.exe" 启用 5edc33c1cfc364bc2e3ea66a75647914 PolicyAgent [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 启用 bc16a35900d8abdbce0d87e9fcf21f65 ProtectedStorage [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 启用 bc16a35900d8abdbce0d87e9fcf21f65 Qvod Terminal [Shenzhen QVOD Technology Co.,Ltd] "D:\新建文件夹 (3)\QvodPlayer\QvodTerminal.exe" 启用 efe66f26401022608f79065715e88e22 RasAuto [Microsoft Corporation] "C:\WINDOWS\System32\rasauto.dll" 禁用 38fdabad6c1ca2d5fa3442f0f6237a5e RasMan [Microsoft Corporation] "C:\WINDOWS\System32\rasmans.dll" 启用 fef357207fb03c32af6ae18d01441478 RDSessMgr [Microsoft Corporation] "C:\WINDOWS\system32\sessmgr.exe" 禁用 69d610f74ac246f138b4f4f33b2cb7e8 RemoteAccess [Microsoft Corporation] "C:\WINDOWS\System32\mprdim.dll" 禁用 ea0ab6dae208224f06231055875276a4 RemoteRegistry [Microsoft Corporation] "C:\WINDOWS\system32\regsvc.dll" 禁用 347cf4f119823d39f4652d7b9b929559 RpcLocator [Microsoft Corporation] "C:\WINDOWS\system32\locator.exe" 禁用 34924d2ae0d0e7a956ac535c0fc04604 RpcSs [Microsoft Corporation] "C:\WINDOWS\system32\rpcss.dll" 启用 b2432c9a8142d504542f7ea87eb75be4 RSVP [Microsoft Corporation] "C:\WINDOWS\system32\rsvp.exe" 禁用 53a79336f917ca1ff120043dcb74def8 SamSs [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 启用 bc16a35900d8abdbce0d87e9fcf21f65 SCardSvr [Microsoft Corporation] "C:\WINDOWS\System32\SCardSvr.exe" 禁用 e4523f1a50923c745021ab7fe6b4faf4 Schedule [Microsoft Corporation] "C:\WINDOWS\system32\schedsvc.dll" 启用 f5aa11c7faf36d9db4bdcfd83f3dbdeb seclogon [Microsoft Corporation] "C:\WINDOWS\System32\seclogon.dll" 启用 bbcc2167e9f6d0854ef94e06f4c57519 SENS [Microsoft Corporation] "C:\WINDOWS\system32\sens.dll" 启用 44b523a2bd388435373276b0aa9eaa87 SharedAccess [Microsoft Corporation] "C:\WINDOWS\System32\ipnathlp.dll" 启用 acfc95eb9c57f70af8da13adeeecb8a5 ShellHWDetection [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 启用 5daa2d4ebd23f1458bdcf1804ac99c5a Spooler [Microsoft Corporation] "C:\WINDOWS\system32\spoolsv.exe" 禁用 6475496dea6eae2046e15cf422c205fa srservice [Microsoft Corporation] "C:\WINDOWS\system32\srsvc.dll" 启用 f90582ac2b3433776b37d811d2d3baf6 SSDPSRV [Microsoft Corporation] "C:\WINDOWS\System32\ssdpsrv.dll" 禁用 c4f05393cd7c1fb5b4a095cf9585483e stisvc [Microsoft Corporation] "C:\WINDOWS\system32\wiaservc.dll" 禁用 e7906e5b988835f0d5c592e84a76a1bd SwPrv [Microsoft Corporation] "C:\WINDOWS\system32\dllhost.exe /Processid:{489DFA67-1D40-4FE4-9D60-D983A6DC8378}" 禁用 eddfaaa9db2c1f6aa9631b621352ca83 SysmonLog [Microsoft Corporation] "C:\WINDOWS\system32\smlogsvc.exe" 禁用 4a1bbcfd7733132afdd9704062ea550d TapiSrv [Microsoft Corporation] "C:\WINDOWS\System32\tapisrv.dll" 启用 cb0b9e8766ffc557c0349e598312fdd4 TermService [Microsoft Corporation] "C:\WINDOWS\System32\termsrv.dll" 禁用 5313f3226526210ec9f9379591c0a63f Themes [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 启用 5daa2d4ebd23f1458bdcf1804ac99c5a TlntSvr [Microsoft Corporation] "C:\WINDOWS\system32\tlntsvr.exe" 禁用 b643cb97aebacda0fee05fb83aa9cbb0 TrkWks [Microsoft Corporation] "C:\WINDOWS\system32\trkwks.dll" 启用 fafad8f8dc9658a14d0e56c1a2bb40ad upnphost [Microsoft Corporation] "C:\WINDOWS\System32\upnphost.dll" 禁用 604830407848314cad8a7ae05d1a729c UPS [Microsoft Corporation] "C:\WINDOWS\System32\ups.exe" 禁用 a86c7b686ef680b9e87737b30225414d UTSCSI [] "C:\WINDOWS\system32\UTSCSI.EXE" 启用 8afffda081cff3057391fedbbb483601 VSS [Microsoft Corporation] "C:\WINDOWS\System32\vssvc.exe" 禁用 cb53a6d464008b7541b1c23224958ee1 W32Time [Microsoft Corporation] "C:\WINDOWS\system32\w32time.dll" 启用 49cec02dfe06f3f55a02842f5521863c WebClient [Microsoft Corporation] "C:\WINDOWS\System32\webclnt.dll" 启用 a0e8e25401b2574c972a25e9d550f26c winmgmt [Microsoft Corporation] "C:\WINDOWS\system32\wbem\WMIsvc.dll" 启用 0e83443a90dc888f40a25fee74bf877f WmdmPmSN [Microsoft Corporation] "C:\WINDOWS\system32\mspmsnsv.dll" 禁用 8f8a5f57925d5dcc6edb7d27cf762b2b Wmi [Microsoft Corporation] "C:\WINDOWS\System32\advapi32.dll" 禁用 7bd1cdee36024752ffced971b95cf9c4 WmiApSrv [Microsoft Corporation] "C:\WINDOWS\system32\wbem\wmiapsrv.exe" 禁用 4dd0ffb1823f007e601b21fafd4f20dc wscsvc [Microsoft Corporation] "C:\WINDOWS\system32\wscsvc.dll" 启用 0d722efc74b6108c3ec5bb57a33a1cea wuauserv [Microsoft Corporation] "C:\WINDOWS\system32\wuauserv.dll" 启用 02496b57ed09a83ce915b2ec1848021f WZCSVC [Microsoft Corporation] "C:\WINDOWS\System32\wzcsvc.dll" 禁用 7f55b7e5acab04944a01db5edfcb70d7 xmlprov [Microsoft Corporation] "C:\WINDOWS\System32\xmlprov.dll" 禁用 9cea8d414ab50632562a4cace60a5e49 ====================协议相关==================== about [Microsoft Corporation] {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 cdl [Microsoft Corporation] {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 Class Install Handler [Microsoft Corporation] {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 deflate [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 dic [金山软件股份有限公司] {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} "C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll" 启用 a9cc517444ed1aa49d0f668927e9c372 dvd [Microsoft Corporation] {12D51199-0DB5-46FE-A120-47A3D7D937CC} "C:\WINDOWS\system32\msvidctl.dll" 启用 d8c6cc1548b4f96e3200c140004ba480 file [Microsoft Corporation] {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 ftp [Microsoft Corporation] {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 gopher [Microsoft Corporation] {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 gzip [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 http [Microsoft Corporation] {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 https [Microsoft Corporation] {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 its [Microsoft Corporation] {9D148291-B9C8-11D0-A4CC-0000F80149F6} "C:\WINDOWS\system32\itss.dll" 启用 e07bf2b26f6a25c265417d6bf8931e85 javascript [Microsoft Corporation] {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 local [Microsoft Corporation] {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 lzdhtml [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 mailto [Microsoft Corporation] {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 mbox [Microsoft Corporation] {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 mboxflash [Microsoft Corporation] {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 mhtml [Microsoft Corporation] {05300401-BCBC-11d0-85E3-00C04FD85AB4} "C:\WINDOWS\system32\inetcomm.dll" 启用 10e0073ea9c16481dbea152112f84ef8 mk [Microsoft Corporation] {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 ms-its [Microsoft Corporation] {9D148291-B9C8-11D0-A4CC-0000F80149F6} "C:\WINDOWS\system32\itss.dll" 启用 e07bf2b26f6a25c265417d6bf8931e85 res [Microsoft Corporation] {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 sysimage [Microsoft Corporation] {76E67A63-06E9-11D2-A840-006008059382} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 text/webviewhtml [Microsoft Corporation] {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "C:\WINDOWS\system32\shell32.dll" 启用 b21ef9599bc2a599f69abe662bd882c3 tv [Microsoft Corporation] {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "C:\WINDOWS\system32\msvidctl.dll" 启用 d8c6cc1548b4f96e3200c140004ba480 vbscript [Microsoft Corporation] {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 0f7ca7845ea3efcc0de5ff0c3ae84656 wia [Microsoft Corporation] {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "C:\WINDOWS\system32\wiascr.dll" 启用 8c61afd95b6d1a32b3f022883ea482ba ====================已知DLL==================== advapi32 [Microsoft Corporation] "C:\WINDOWS\system32\advapi32.dll" 启用 7bd1cdee36024752ffced971b95cf9c4 comdlg32 [Microsoft Corporation] "C:\WINDOWS\system32\comdlg32.dll" 启用 c7479e84869fd0ad3cc675bc82d359a8 gdi32 [Microsoft Corporation] "C:\WINDOWS\system32\gdi32.dll" 启用 b5fbad2fb4abd3e3d0bc128c4102bddd imagehlp [Microsoft Corporation] "C:\WINDOWS\system32\imagehlp.dll" 启用 6c5d944c7c72af44554c29e8eede7dc4 kernel32 [Microsoft Corporation] "C:\WINDOWS\system32\kernel32.dll" 启用 bf1cdaf5792b78d4730727facf307d46 lz32 [Microsoft Corporation] "C:\WINDOWS\system32\lz32.dll" 启用 c3200506fb212a0f4fb736a80e646c40 ole32 [Microsoft Corporation] "C:\WINDOWS\system32\ole32.dll" 启用 f78acf4eb632e1795024fbfc6dbf7eb3 oleaut32 [Microsoft Corporation] "C:\WINDOWS\system32\oleaut32.dll" 启用 87073fc631c14d82c0b162118b3923aa olecli32 [Microsoft Corporation] "C:\WINDOWS\system32\olecli32.dll" 启用 5c71c1672990fa168b55a3b81544cada olecnv32 [Microsoft Corporation] "C:\WINDOWS\system32\olecnv32.dll" 启用 edf6be4596eb2ebb3955d9899111c62b olesvr32 [Microsoft Corporation] "C:\WINDOWS\system32\olesvr32.dll" 启用 2c78271a8203df02fe98f42307043248 olethk32 [Microsoft Corporation] "C:\WINDOWS\system32\olethk32.dll" 启用 369c4ac059b301f57e8c27a188f24ebc rpcrt4 [Microsoft Corporation] "C:\WINDOWS\system32\rpcrt4.dll" 启用 0b0ab724184b74ad1dc6327da8327ef0 shell32 [Microsoft Corporation] "C:\WINDOWS\system32\shell32.dll" 启用 b21ef9599bc2a599f69abe662bd882c3 url [Microsoft Corporation] "C:\WINDOWS\system32\url.dll" 启用 7576cda80bc3dcbfdd60e3f059afe3be urlmon [Microsoft Corporation] "C:\WINDOWS\system32\urlmon.dll" 启用 ef3311af673ba8ff6982b66eed28e877 user32 [Microsoft Corporation] "C:\WINDOWS\system32\user32.dll" 启用 f697644d5f59050fbe6af896c19cca93 version [Microsoft Corporation] "C:\WINDOWS\system32\version.dll" 启用 2c5fbee16e1c05f8ff604b158437abd2 wininet [Microsoft Corporation] "C:\WINDOWS\system32\wininet.dll" 启用 0556a1fc8eed25e82cc7184f8de9a8e5 wldap32 [Microsoft Corporation] "C:\WINDOWS\system32\wldap32.dll" 启用 9e5a35de16f9499e6323e94526f6c041 ====================打印监控==================== BJ Language Monitor [Microsoft Corporation] "C:\WINDOWS\system32\cnbjmon.dll" 启用 afb5e9e6d24f0531890c311863ac5757 Local Port [Microsoft Corporation] "C:\WINDOWS\system32\localspl.dll" 启用 c38d42e1cefbdf686f565d56d377cfdc Microsoft Document Imaging Writer Monitor [Microsoft Corporation] "C:\WINDOWS\system32\mdimon.dll" 启用 cf0376023360aadd55c89ba50564afdc PJL Language Monitor [Microsoft Corporation] "C:\WINDOWS\system32\pjlmon.dll" 启用 e918aa38be1b21254ad4dd816a3e3cf2 Standard TCP/IP Port [Microsoft Corporation] "C:\WINDOWS\system32\tcpmon.dll" 启用 a3f574d30c1a9cb6c14936b55fb1cedb USB Monitor [Microsoft Corporation] "C:\WINDOWS\system32\usbmon.dll" 启用 4d650a43ac674b3703f18ace33042b70 ====================随系统加载的其它模块==================== AtiExtEvent [ATI Technologies Inc.] (Ati2evxx.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent" 16566e7169a627c414a6a35aebae3243 CDBurn [Microsoft Corporation] (%SystemRoot%\system32\SHELL32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" b21ef9599bc2a599f69abe662bd882c3 crypt32chain [Microsoft Corporation] (crypt32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain" 37b151c5364617bfef0f3e6cd4b4f8ef cryptnet [Microsoft Corporation] (cryptnet.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet" 3a3345f46a0c1efcf7cf3c7011f75270 cscdll [Microsoft Corporation] (cscdll.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll" 5367c2839ecc3eede4c26ea4c16c5900 dimsntfy [Microsoft Corporation] (%SystemRoot%\System32\dimsntfy.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy" b568e33952b4fa3806b0da12226a9712 PostBootReminder [Microsoft Corporation] (%SystemRoot%\system32\SHELL32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" b21ef9599bc2a599f69abe662bd882c3 ScCertProp [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" 1761a1916119b4e34be1521a9e6876a5 Schedule [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule" 1761a1916119b4e34be1521a9e6876a5 sclgntfy [Microsoft Corporation] (sclgntfy.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy" 85b08d62a6dde9c39c1bf5a916ab46af SensLogn [Microsoft Corporation] (WlNotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn" 1761a1916119b4e34be1521a9e6876a5 SysTray [Microsoft Corporation] (C:\WINDOWS\system32\stobject.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 453b554fc3830752eddddc473a1ea5a4 termsrv [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv" 1761a1916119b4e34be1521a9e6876a5 URL 执行挂钩 [Microsoft Corporation] (shell32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" b21ef9599bc2a599f69abe662bd882c3 WebCheck [Microsoft Corporation] (%SystemRoot%\system32\webcheck.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 8ef94370fa71c84bdb7bd17831bbe255 wlballoon [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon" 1761a1916119b4e34be1521a9e6876a5 ====================调试相关项==================== Debugger [Microsoft Corporation] (drwtsn32 -p %ld -e %ld -g) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" e1f9f51cb449d2c9cc76682f0998439e ====================驱动程序==================== ACPI [Microsoft Corporation] 启用 "system32\DRIVERS\ACPI.sys" 60053c170357eedace8d88e9d87e993e aec [Microsoft Corporation] 启用 "system32\drivers\aec.sys" 8bed39e3c35d6a489438b8141717a557 AFD [Microsoft Corporation] 启用 "\SystemRoot\System32\drivers\afd.sys" 7618d5218f2a614672ec61a80d854a37 ALCXWDM [Realtek Semiconductor Corp.] 启用 "system32\drivers\ALCXWDM.SYS" 95aa37bec6c72c277c2caeaee736dd2d Arp1394 [Microsoft Corporation] 启用 "system32\DRIVERS\arp1394.sys" b5b8a80875c1dededa8b02765642c32f AsyncMac [Microsoft Corporation] 启用 "system32\DRIVERS\asyncmac.sys" b153affac761e7f5fcfa822b9c4e97bc atapi [Microsoft Corporation] 启用 "system32\DRIVERS\atapi.sys" 9f3a2f5aa6875c72bf062c712cfa2674 ati2mtag [ATI Technologies Inc.] 启用 "system32\DRIVERS\ati2mtag.sys" 2fbdfec8cd60cec3d55e615865333033 Atmarpc [Microsoft Corporation] 启用 "system32\DRIVERS\atmarpc.sys" 9916c1225104ba14794209cfa8012159 audstub [Microsoft Corporation] 启用 "system32\DRIVERS\audstub.sys" d9f724aa26c010a217c97606b160ed68 Beep [Microsoft Corporation] 启用 "" da1f27d85e0d1525f6621372e7b685e9 Cdaudio [Microsoft Corporation] 启用 "" c1b486a7658353d33a10cc15211a873b Cdrom [Microsoft Corporation] 启用 "system32\DRIVERS\cdrom.sys" 4b0a100eaf5c49ef3cca8c641431eacc Changer [] 启用 "" Disk [Microsoft Corporation] 启用 "system32\DRIVERS\disk.sys" 044452051f3e02e7963599fc8f4f3e25 dmio [Microsoft Corp., Veritas Software] 启用 "System32\drivers\dmio.sys" 5e87fcad72a24ad869aafd3c6a4dca45 dmload [Microsoft Corp., Veritas Software.] 启用 "System32\drivers\dmload.sys" e9317282a63ca4d188c0df5e09c6ac5f DMusic [Microsoft Corporation] 启用 "system32\drivers\DMusic.sys" 8a208dfcf89792a484e76c40e5f50b45 drmkaud [Microsoft Corporation] 启用 "system32\drivers\drmkaud.sys" 8f5fcff8e8848afac920905fbd9d33c8 EagleNT [] 启用 "\??\C:\WINDOWS\system32\drivers\EagleNT.sys" Fdc [Microsoft Corporation] 启用 "" 92cdd60b6730b9f50f6a1a0c1f8cdc81 Fips [Microsoft Corporation] 启用 "" 80a4f4c75683bfbfa359f6c8c51230a4 Flpydisk [Microsoft Corporation] 启用 "" 9d27e7b80bfcdf1cdd9b555862d5e7f0 FsVga [Microsoft Corporation] 启用 "system32\DRIVERS\fsvga.sys" ab4983120e4e4527ae9ffe4177ecd6e7 Ftdisk [Microsoft Corporation] 启用 "system32\DRIVERS\ftdisk.sys" 38375a4d9582a08c14c928cc099b8836 Gpc [Microsoft Corporation] 启用 "system32\DRIVERS\msgpc.sys" 0a02c63c8b144bd8c86b103dee7c86a2 HidUsb [Microsoft Corporation] 启用 "system32\DRIVERS\hidusb.sys" ccf82c5ec8a7326c3066de870c06daf1 HTTP [Microsoft Corporation] 启用 "System32\Drivers\HTTP.sys" f6aacf5bce2893e0c1754afeb672e5c9 i2omgmt [] 启用 "" i8042prt [Microsoft Corporation] 启用 "system32\DRIVERS\i8042prt.sys" 1694f6666dbee4d5bec6a5919eeb4d86 Imapi [Microsoft Corporation] 启用 "system32\DRIVERS\imapi.sys" 083a052659f5310dd8b6a6cb05edcf8e Ip6Fw [Microsoft Corporation] 启用 "system32\drivers\ip6fw.sys" 3bb22519a194418d5fec05d800a19ad0 IpFilterDriver [Microsoft Corporation] 启用 "system32\DRIVERS\ipfltdrv.sys" 731f22ba402ee4b62748adaf6363c182 IpInIp [Microsoft Corporation] 启用 "system32\DRIVERS\ipinip.sys" b87ab476dcf76e72010632b5550955f5 IpNat [Microsoft Corporation] 启用 "system32\DRIVERS\ipnat.sys" cc748ea12c6effde940ee98098bf96bb IPSec [Microsoft Corporation] 启用 "system32\DRIVERS\ipsec.sys" 23c74d75e36e7158768dd63d92789a91 IRENUM [Microsoft Corporation] 启用 "system32\DRIVERS\irenum.sys" c93c9ff7b04d772627a3646d89f7bf89 isapnp [Microsoft Corporation] 启用 "system32\DRIVERS\isapnp.sys" cb353452590cc3faeeef86de334d5f49 Kbdclass [Microsoft Corporation] 启用 "system32\DRIVERS\kbdclass.sys" 5b4d15cd20869778ebf282db0fc08a29 kmixer [Microsoft Corporation] 启用 "system32\drivers\kmixer.sys" 692bcf44383d056aed41b045a323d378 KSecDD [Microsoft Corporation] 启用 "" 1705745d900dabf2d89f90ebaddc7517 lbrtfdc [] 启用 "" mnmdd [Microsoft Corporation] 启用 "" 4ae068242760a1fb6e1a44bf4e16afa6 Modem [Microsoft Corporation] 启用 "" ba656ef98ce4049638794e390d78ef36 Mouclass [Microsoft Corporation] 启用 "system32\DRIVERS\mouclass.sys" 35ac8fd90e70f2e54cb4bfb21b4e1bf1 mouhid [Microsoft Corporation] 启用 "system32\DRIVERS\mouhid.sys" 692910b446d0b751b2462f3624c7b1a7 MountMgr [Microsoft Corporation] 启用 "" a80b9a0bad1b73637dbcbba7df72d3fd MSKSSRV [Microsoft Corporation] 启用 "system32\drivers\MSKSSRV.sys" d1575e71568f4d9e14ca56b7b0453bf1 MSPCLOCK [Microsoft Corporation] 启用 "system32\drivers\MSPCLOCK.sys" 325bb26842fc7ccc1fcce2c457317f3e MSPQM [Microsoft Corporation] 启用 "system32\drivers\MSPQM.sys" bad59648ba099da4a17680b39730cb3d mssmbios [Microsoft Corporation] 启用 "system32\DRIVERS\mssmbios.sys" af5f4f3f14a8ea2c26de30f7a1e17136 NDIS [Microsoft Corporation] 启用 "" 1df7f42665c94b825322fae71721130d NdisTapi [Microsoft Corporation] 启用 "system32\DRIVERS\ndistapi.sys" 1ab3d00c991ab086e69db84b6c0ed78f Ndisuio [Microsoft Corporation] 启用 "system32\DRIVERS\ndisuio.sys" f927a4434c5028758a842943ef1a3849 NdisWan [Microsoft Corporation] 启用 "system32\DRIVERS\ndiswan.sys" edc1531a49c80614b2cfda43ca8659ab NDProxy [Microsoft Corporation] 启用 "" 6215023940cfd3702b46abc304e1d45a NetBT [Microsoft Corporation] 启用 "system32\DRIVERS\netbt.sys" 74b2b2f5bea5e9a3dc021d685551bd3d NIC1394 [Microsoft Corporation] 启用 "system32\DRIVERS\nic1394.sys" e9e47cfb2d461fa0fc75b7a74c6383ea Null [Microsoft Corporation] 启用 "" 73c1e1f395918bc2c6dd67af7591a3ad NwlnkFlt [Microsoft Corporation] 启用 "system32\DRIVERS\nwlnkflt.sys" b305f3fad35083837ef46a0bbce2fc57 NwlnkFwd [Microsoft Corporation] 启用 "system32\DRIVERS\nwlnkfwd.sys" c99b3415198d1aab7227f2c88fd664b9 ohci1394 [Microsoft Corporation] 启用 "system32\DRIVERS\ohci1394.sys" ca33832df41afb202ee7aeb05145922f Parport [Microsoft Corporation] 启用 "system32\DRIVERS\parport.sys" 42580fdf84b2d08c3366819f80714274 PartMgr [Microsoft Corporation] 启用 "" beb3ba25197665d82ec7065b724171c6 ParVdm [Microsoft Corporation] 启用 "" 4f3fc4954972da46284641091deee02e PCI [Microsoft Corporation] 启用 "system32\DRIVERS\pci.sys" 28eca79bcd3883dc6cb0ac2b20fdb2f0 PCIDump [] 启用 "" PCIIde [Microsoft Corporation] 启用 "system32\DRIVERS\pciide.sys" a4d41f0279f405d6f5c19465aad82834 PDCOMP [] 启用 "" PDFRAME [] 启用 "" PDRELI [] 启用 "" PDRFRAME [] 启用 "" PptpMiniport [Microsoft Corporation] 启用 "system32\DRIVERS\raspptp.sys" efeec01b1d3cf84f16ddd24d9d9d8f99 Processor [Microsoft Corporation] 启用 "system32\DRIVERS\processr.sys" 16ec09d09798ea0ee38be594c5cac6b4 PSched [Microsoft Corporation] 启用 "system32\DRIVERS\psched.sys" 09298ec810b07e5d582cb3a3f9255424 Ptilink [Parallel Technologies, Inc.] 启用 "system32\DRIVERS\ptilink.sys" 80d317bd1c3dbc5d4fe7b1678c60cadd RasAcd [Microsoft Corporation] 启用 "system32\DRIVERS\rasacd.sys" fe0d99d6f31e4fad8159f690d68ded9c Rasl2tp [Microsoft Corporation] 启用 "system32\DRIVERS\rasl2tp.sys" 11b4a627bc9614b885c4969bfa5ff8a6 RasPppoe [Microsoft Corporation] 启用 "system32\DRIVERS\raspppoe.sys" 5bc962f2654137c9909c3d4603587dee Raspti [Microsoft Corporation] 启用 "system32\DRIVERS\raspti.sys" fdbb1d60066fcfbb7452fd8f9829b242 RDPCDD [Microsoft Corporation] 启用 "System32\DRIVERS\RDPCDD.sys" 4912d5b403614ce99c28420f75353332 rdpdr [Microsoft Corporation] 启用 "system32\DRIVERS\rdpdr.sys" 15cabd0f7c00c47c70124907916af3f1 RDPWD [Microsoft Corporation] 启用 "" 6728e45b66f93c08f11de2e316fc70dd redbook [Microsoft Corporation] 启用 "system32\DRIVERS\redbook.sys" 14615ebaf029cd0a7af97d10fbd900cd rtl8139 [Realtek Semiconductor Corporation] 启用 "system32\DRIVERS\RTL8139.SYS" d507c1400284176573224903819ffda3 Secdrv [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] 启用 "system32\DRIVERS\secdrv.sys" 90a3935d05b494a5a39d37e71f09a677 Serial [Microsoft Corporation] 启用 "" 81fa8e4f77964b6a606670b87c331c2e Sfloppy [Microsoft Corporation] 启用 "" 8e6b8c671615d126fdc553d1e2de5562 splitter [Microsoft Corporation] 启用 "system32\drivers\splitter.sys" ab8b92451ecb048a4d1de7c3ffcb4a9f swenum [Microsoft Corporation] 启用 "system32\DRIVERS\swenum.sys" 3941d127aef12e93addf6fe6ee027e0f swmidi [Microsoft Corporation] 启用 "system32\drivers\swmidi.sys" 8ce882bcc6cf8a62f2b2323d95cb3d01 sysaudio [Microsoft Corporation] 启用 "system32\drivers\sysaudio.sys" 8b83f3ed0f1688b4958f77cd6d2bf290 Tcpip [Microsoft Corporation] 启用 "system32\DRIVERS\tcpip.sys" cd00787894008369f56153b91fc28847 TDPIPE [Microsoft Corporation] 启用 "" 6471a66807f5e104e4885f5b67349397 TDTCP [Microsoft Corporation] 启用 "" c56b6d0402371cf3700eb322ef3aaf61 TermDD [Microsoft Corporation] 启用 "system32\DRIVERS\termdd.sys" 88155247177638048422893737429d9e Update [Microsoft Corporation] 启用 "system32\DRIVERS\update.sys" 402ddc88356b1bac0ee3dd1580c76a31 usbehci [Microsoft Corporation] 启用 "system32\DRIVERS\usbehci.sys" 65dcf09d0e37d4c6b11b5b0b76d470a7 usbhub [Microsoft Corporation] 启用 "system32\DRIVERS\usbhub.sys" 1ab3cdde553b6e064d2e754efe20285c usbohci [Microsoft Corporation] 启用 "system32\DRIVERS\usbohci.sys" 0daecce65366ea32b162f85f07c6753b usbstor [Microsoft Corporation] 启用 "system32\DRIVERS\USBSTOR.SYS" a32426d9b14a089eaa1d922e0c5801a9 VgaSave [Microsoft Corporation] 启用 "\SystemRoot\System32\drivers\vga.sys" 0d3a8fafceacd8b7625cd549757a7df1 VolSnap [Microsoft Corporation] 启用 "" 0cc9c065291b175cf6771d7edcd1b980 Wanarp [Microsoft Corporation] 启用 "system32\DRIVERS\wanarp.sys" e20b95baedb550f32dd489265c1da1f6 WDICA [] 启用 "" wdmaud [Microsoft Corporation] 启用 "system32\drivers\wdmaud.sys" 6768acf64b18196494413695f0c3a00f ====================桌面快捷方式==================== 快播QvodPlayer.lnk "D:\新建文件夹 (3)\QvodPlayer\QvodPlayer.exe " (Shenzhen QVOD Technology Co.,Ltd, 2.3 MB, 3, 0, 0, 57) a305595818d6f7c17e050d913cae6f4e ACD FotoCanvas Lite 2.0.lnk "C:\WINDOWS\Installer\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}\FotoCanvasLiteDesktopShortcut.exe " (InstallShield Software Corp., 64.0 KB, 7.04.262) 2fe31558e7a49cc3864d0a4f2b7956ce ACDSee 5.0.lnk "C:\WINDOWS\Installer\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}\ACDSeeDesktopShortcut.exe " (InstallShield Software Corp., 60.0 KB, 7.04.262) 3ffed77c9e0398c3fc936c2529ffd44c 修复瑞星软件.lnk "C:\Documents and Settings\All Users\Application Data\Rising\Rav\Data\Repair.url " (, 155 Bytes, ) 6046caca3f94704bcbc38771720fe5bf 账号保险柜.lnk "C:\Program Files\Rising\Rav\rssafety.exe " (Beijing Rising Information Technology Co., Ltd., 1.2 MB, 3.0.0.60) 96e598d763a8499813bfec81a48d6ed3 金山词霸 2003.lnk "C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE " (Kingsoft Co, Ltd., 820.0 KB, 6, 0, 3, 0) 794e5007d6e80f3bc1e844982a471717 Windows优化大师.lnk "D:\优化大师\Wopti\WoptiUtilities.exe " (Wopti, 6.1 MB, 7.93.9.305) bbdc88910032033429c0c98a67a02754 瑞星卡卡上网安全助手.lnk "C:\Program Files\Rising\AntiSpyware\ras.exe " (Beijing Rising Information Technology Co., Ltd., 38.1 KB, 6.0.0.7) 324645bf53d6c2a677cc135eacd91c91 QQ影音.lnk "D:\QQ影音\QQPlayer\QQPlayer.exe " (Tencent, 4.9 MB, 1.0.368.400) b69f2eff675f7a82a1cbfbf90300208a 迅雷5.lnk "D:\Thunder Network\Thunder.exe " (ShenZhen Thunder Networking Technologies,LTD, 49.5 KB, 5,8,12,689) aae311e077cc4d1443a1a512c9ecd0a8 QQ医生.lnk "C:\Program Files\Tencent\QQDoctor\QQDoctor.exe " (Tencent, 701.8 KB, 2, 1, 14, 201) b6efa3d1d7ae8f1d3fca004d46e92275 瑞星杀毒软件.lnk "C:\Program Files\Rising\Rav\RsMain.exe " (Beijing Rising Information Technology Co., Ltd., 70.6 KB, 21, 0, 0, 5) b73cd1c3e48d64b4acb171ea11b87b40 腾讯QQ.lnk "C:\Program Files\Tencent\QQ2009\Bin\QQ.exe " (Tencent, 133.3 KB, 1, 24, 562, 0) 9a26ecc4f68fdce9a7a0ec7f82a3ac80 天龙八部.lnk "D:\天龙\Launch.exe " (SOHU.COM Inc, 1.5 MB, 1.0.1.4) e53247fc97036bec6e38fbce3aa7dcfe 地下城与勇士.lnk "E:\地下城\start\DNFchina.exe " (, 3.6 MB, 3, 1, 3, 45) 4b41d64fad0860929d59496d181a45aa 反恐精英Online.lnk "E:\CS\Counter-Strike Online\Bin\CSOLauncher.exe " (Nexon, 1.3 MB, 1.0.0.1) 6e25ca077590d585dd7513b5bc3df5eb QQ游戏.lnk "E:\qq游戏\QQGAME\QQGame.exe " (深圳市腾讯计算机系统有限公司, 160.9 KB, 2, 3, 103, 8) 2d0a84b3151ffe3e8cc549fe75d3c75b QQ对战平台.lnk "E:\QQBattleZone\Tencent\QQBattleZone\QQBattleZone.exe " (腾讯公司, 384.1 KB, 0, 10, 4, 19) 89aff4c21be86396be7b08b5fb3eeb3f 酷我音乐文件夹.lnk "D:\KwDownload\song " (, 0 Bytes, ) 酷我音乐盒.lnk "D:\酷我音乐盒\KWMUSIC\KwMusic.exe " (酷我科技, 2.9 MB, 2.0.0.0) 7220fa0891df8f6d809f7249027fefa4 adsl.lnk " " (, , ) QQ音乐.lnk "C:\Program Files\Tencent\QQMusic\QQMusic.exe " (Tencent, 1.4 MB, 7, 23, 189, 204) a895da9220b1cd99a72235a997d09fb1 修复瑞星软件.lnk "C:\Documents and Settings\All Users\Application Data\Rising\Rav\Data\Repair.url " (, 155 Bytes, ) 6046caca3f94704bcbc38771720fe5bf