未知家族病毒分析
扫描结果:无可疑文件
系统活动进程
C:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\PROGRA~1\WINDOW~2\WMPBAND.DLL
C:\WINDOWS\SYSTEM32\IEFRAME.DLL
C:\WINDOWS\SYSTEM32\WPDSHSERVICEOBJ.DLL
C:\WINDOWS\SYSTEM32\BTNCOPY.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\PORTABLEDEVICETYPES.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\PROGRAM FILES\LENOVO\ENERGYCUT\HOOKLIB.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.DLL
C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.CHS
D:\PROGRAM FILES\TERACOPY\TERACOPYEXT.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL
C:\WINDOWS\SYSTEM32\IGFXPPH.DLL
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\WINDOWS\SYSTEM32\IGFXRESS.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
D:\PROGRAM FILES\UNLOCKER\UNLOCKERCOM.DLL
D:\PROGRAM FILES\ULTRAISO\ISOSHELL.DLL
D:\PROGRAM FILES\360\360SD\MENUEX.DLL
C:\WINDOWS\SYSTEM32\DWRCSH32.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DSBHO_00.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\MSOHEVI.DLL
D:\PROGRAM FILES\ULTRAEDIT-32\UE32CTMN.DLL
D:\PROGRA~1\WOPTI\WOPTIE~1.DLL
D:\PROGRAM FILES\7-ZIP\7-ZIP.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXED:\PROGRAM FILES\MOZILLA FIREFOX\XUL.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\SQLITE3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\MOZCRT19.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\JS3250.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\NSPR4.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\SMIME3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\NSS3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\NSSUTIL3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\PLC4.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\PLDS4.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\SSL3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\XPCOM.DLL
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\BROWSERDIRPROVIDER.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\BRWSRCMP.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\SOFTOKN3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\NSSDBM3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\FREEBL3.DLL
D:\PROGRAM FILES\MOZILLA FIREFOX\NSSCKBI.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
D:\PROGRAM FILES\SOGOUINPUT\4.2.2.2732\RESOURCE.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\WINDOWS\SYSTEM32\WPDSHEXT.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL
C:\WINDOWS\SYSTEM32\IEFRAME.DLL
C:\WINDOWS\SYSTEM32\WINLOGON.EXEC:\WINDOWS\SYSTEM32\VRLOGON.DLL
C:\WINDOWS\SYSTEM32\PSQLPWD.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\HOMEFUS2.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\HOMEPASS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\BIO.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\REMOTE.DLL
C:\WINDOWS\SYSTEM32\WGALOGON.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\CRYPTO.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLNOTES.EXED:\PROGRAM FILES\IBM\LOTUS\NOTES\NNOTESWS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXMLPROC.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\MSVCP71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\MSVCR71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNOTES.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\JS32.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLSCCSTR.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NDGTS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NDXLO.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXMLCOMMON.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\LTOUIN22.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXPM.DLL
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NSTRINGS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\MSVCP60.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NAMHOOK.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NTCP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNETBIOS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\ICC\ICCLIB\ICCLIB.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\ICC\OSSLIB\LIBEAY32.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\LTSPLN50.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLSXBE.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNTCP.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NPLUGINS.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE12\MSOXEV.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\WPDSHEXT.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL
C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.CHS
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
D:\PROGRAM FILES\SOGOUINPUT\4.2.2.2732\RESOURCE.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXED:\PROGRAM FILES\RISING\RAV\COMBASE.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\RISING\RAV\CNT09.DLL
D:\PROGRAM FILES\RISING\RAV\MONCOMM.DLL
D:\PROGRAM FILES\RISING\RAV\MONBASE.DLL
D:\PROGRAM FILES\RISING\RAV\RSLOG.DLL
D:\PROGRAM FILES\RISING\RAV\MONDRV.DLL
D:\PROGRAM FILES\RISING\RAV\DEFMON.DLL
D:\PROGRAM FILES\RISING\RAV\MONCOM08.DLL
D:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
D:\PROGRAM FILES\RISING\RAV\FILEMON.DLL
D:\PROGRAM FILES\RISING\RAV\MAILMON.DLL
D:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL
D:\PROGRAM FILES\RISING\RAV\RSINDENT.DLL
D:\PROGRAM FILES\RISING\RAV\NCOMM.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\RISING\RAV\SYSLAY.DLL
D:\PROGRAM FILES\RISING\RAV\TASKPLUG.DLL
D:\PROGRAM FILES\RISING\RAV\SCANSRVP.DLL
D:\PROGRAM FILES\RISING\RAV\CNT08.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOMM.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\COMX3.DLL
D:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
D:\PROGRAM FILES\RISING\RAV\HOOKCONT.DLL
D:\PROGRAM FILES\RISING\RAV\BACORE.DLL
D:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
D:\PROGRAM FILES\RISING\RAV\REFS.DLL
D:\PROGRAM FILES\RISING\RAV\RSNETSVR.DLL
D:\PROGRAM FILES\RISING\RAV\RSSTORE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANADD.DLL
D:\PROGRAM FILES\RISING\RAV\SCANNER.DLL
D:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
D:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
D:\PROGRAM FILES\RISING\RAV\RSCONF.DLL
D:\PROGRAM FILES\RISING\RAV\RSTASK.DLL
D:\PROGRAM FILES\RISING\RAV\RSSTUB.DLL
D:\PROGRAM FILES\RISING\RAV\SCANSRV.DLL
D:\PROGRAM FILES\RISING\RAV\FFR.DLL
D:\PROGRAM FILES\RISING\RAV\NVFILE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL
D:\PROGRAM FILES\RISING\RAV\UNEXE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANEX.DLL
D:\PROGRAM FILES\RISING\RAV\PEARC.DLL
D:\PROGRAM FILES\RISING\RAV\SCANPE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANTJ.DLL
D:\PROGRAM FILES\RISING\RAV\UR000.DAT
D:\PROGRAM FILES\RISING\RAV\URUTILS.DLL
D:\PROGRAM FILES\RISING\RAV\METHODEX.DLL
D:\PROGRAM FILES\RISING\RAV\PECOMPD.DLL
D:\PROGRAM FILES\RISING\RAV\HEUREX.DLL
D:\PROGRAM FILES\RISING\RAV\EXTSFX.DLL
D:\PROGRAM FILES\RISING\RAV\REVM.DLL
D:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL
D:\PROGRAM FILES\RISING\RAV\SCANRAVT.DLL
D:\PROGRAM FILES\RISING\RAV\SCANBT.DLL
D:\PROGRAM FILES\RISING\RAV\SCANSTUB.DLL
D:\PROGRAM FILES\RISING\RAV\UR001.DAT
D:\PROGRAM FILES\RISING\RAV\EXTMAIL.DLL
D:\PROGRAM FILES\RISING\RAV\UR023.DAT
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXEC:\PROGRAM FILES\WINDOWS DEFENDER\MPSVC.DLL
C:\PROGRAM FILES\WINDOWS DEFENDER\MPCLIENT.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\DEFINITION UPDATES\{DFF961B1-BAC4-42D2-BD91-D4B799CCD123}\MPENGINE.DLL
C:\PROGRAM FILES\WINDOWS DEFENDER\MPRTPLUG.DLL
D:\PROGRAM FILES\RISING\RFW\RAVMOND.EXED:\PROGRAM FILES\RISING\RFW\COMBASE.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\RISING\RFW\CNT09.DLL
D:\PROGRAM FILES\RISING\RFW\MONBASE.DLL
D:\PROGRAM FILES\RISING\RFW\MONCOMM.DLL
D:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
D:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
D:\PROGRAM FILES\RISING\RFW\RFWSRV.DLL
D:\PROGRAM FILES\RISING\RFW\SYSLAY.DLL
D:\PROGRAM FILES\RISING\RFW\MPORTS.DLL
D:\PROGRAM FILES\RISING\RFW\RFWDRVC.DLL
D:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
D:\PROGRAM FILES\RISING\RFW\RSNETSVR.DLL
D:\PROGRAM FILES\RISING\RFW\RFWARP.DLL
D:\PROGRAM FILES\RISING\RFW\COMX3.DLL
D:\PROGRAM FILES\RISING\RFW\URLRULE.DLL
D:\PROGRAM FILES\RISING\RFW\RECOMP.DLL
D:\PROGRAM FILES\RISING\RFW\REFS.DLL
D:\PROGRAM FILES\RISING\RFW\VIRUSLIB.DLL
D:\PROGRAM FILES\RISING\RFW\RELIBLDR.DLL
D:\PROGRAM FILES\RISING\RFW\RFWPROXY.DLL
D:\PROGRAM FILES\RISING\RFW\RSINDENT.DLL
D:\PROGRAM FILES\RISING\RFW\NCOMM.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\RISING\RFW\TASKPLUG.DLL
D:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RFW\PROCCOMM.DLL
D:\PROGRAM FILES\RISING\RFW\RSCONF.DLL
D:\PROGRAM FILES\RISING\RFW\RSTASK.DLL
D:\PROGRAM FILES\RISING\RFW\RSSTUB.DLL
D:\PROGRAM FILES\RISING\RFW\URLLIB.DLL
C:\WINDOWS\SYSTEM32\SMSS.EXED:\PROGRAM FILES\TENCENT\QQ2009\BIN\QQ.EXED:\PROGRAM FILES\TENCENT\QQ2009\BIN\COMMON.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\KERNELUTIL.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\GF.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\APPUTIL.DLL
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\MAINFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\MSVCP60.DLL
D:\PROGRAM FILES\TENCENT\TM2008\BIN\TXPFPROXY.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\IM.DLL
C:\PROGRAM FILES\COMMON FILES\TENCENT\TXSSO\BIN\SSOPLATFORM.DLL
C:\PROGRAM FILES\COMMON FILES\TENCENT\TXSSO\BIN\SSOCOMMON.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\TASKTRAY.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\SKINMGR.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\APPCTRL.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQSHOW\BIN\FLASHAVATARDLL.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH10B.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\KERNELMISC.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\APPMISC.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\CHATFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\CONFIGCENTER.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\CUSTOMFACE.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\LONGCNN.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\CONTACTINFOFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\MSGMGR.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\QINTERLIVE.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\SYSTEMMSG.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.PAIPAI\BIN\PAIPAI.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.AUDIOVIDEO\BIN\AUDIOVIDEO.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.MMOG\BIN\MMOG.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.SOSO\BIN\SOSO.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QZONE\BIN\QZONE.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.WEATHER\BIN\WEATHER.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.SOBAR\BIN\SOBAR.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.PAIPAIGIFT\BIN\PAIPAIGIFT.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQLIVE\BIN\QQLIVE.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQMUSIC\BIN\QQMUSIC.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.TAOTAO\BIN\TAOTAO.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\RICHED20.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SKCHUI.DLL
C:\WINDOWS\SYSTEM32\IEFRAME.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\GROUPAPP.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.SNSAPP\BIN\SNSAPP.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.PAYCENTER\BIN\PAYCENTER.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QBAR\BIN\QBAR.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQVIPMISC\BIN\QQVIPMISC.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.WENWEN\BIN\WENWEN.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.NETBAR\BIN\NETBAR.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.WIRELESS\BIN\WIRELESS.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.CRM\BIN\CRM.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQVIP\BIN\QQVIP.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.MEMO\BIN\MEMO.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQPET\BIN\QQPET.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.ADVERTISEMENT\BIN\ADVERTISEMENT.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQGAME\BIN\QQGAME.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.MAIL\BIN\MAIL.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQRING\BIN\QQRING.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQSHOW\BIN\QQSHOW.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.TODAY\BIN\TODAY.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.QQWEBSITE\BIN\QQWEBSITE.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\INFORMATIONBOX.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.FILETRANSFER\BIN\FILETRANSFER.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\ADDRSEARCH.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.GAMELIFE\BIN\GAMELIFE.DLL
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.WINKS\BIN\WINKS.DLL
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
D:\PROGRAM FILES\SOGOUINPUT\4.2.2.2732\RESOURCE.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\PLUGIN\COM.TENCENT.VAS\BIN\VAS.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\CAMERA.DLL
D:\PROGRAM FILES\TENCENT\QQ2009\BIN\SCCORE.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\SPOOLSV.EXEC:\WINDOWS\SYSTEM32\BTHCRP.DLL
C:\WINDOWS\SYSTEM32\WIDCOMMSDK.DLL
C:\WINDOWS\SYSTEM32\WBTAPI.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\FILTERPIPELINEPRINTPROC.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
C:\WINDOWS\SYSTEM32\CTFMON.EXEC:\WINDOWS\SYSTEM32\SERVICES.EXEC:\WINDOWS\APPPATCH\ACADPROC.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\SYSTEM32\LSASS.EXEC:\WINDOWS\SYSTEM32\PSQLPWD.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\HOMEFUS2.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NTASKLDR.EXED:\PROGRAM FILES\IBM\LOTUS\NOTES\NNOTES.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXMLPROC.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\MSVCP71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\MSVCR71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\JS32.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLSCCSTR.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NDGTS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NSTRINGS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NAMHOOK.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NHKDAEMN.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NWRDAEMNDLL.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NDXLO.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXMLCOMMON.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NTCP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNETBIOS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NHLDAEMN.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\ICC\ICCLIB\ICCLIB.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\ICC\OSSLIB\LIBEAY32.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNTCP.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NTLUPDAT.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXEC:\PROGRAM FILES\JAVA\JRE6\BIN\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\ODBCBCP.DLL
D:\PROGRAM FILES\DAMEWARE DEVELOPMENT\DAMEWARE NT UTILITIES\DWRCC.EXED:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\DAMEWARE DEVELOPMENT\DAMEWARE NT UTILITIES\DWRCCH.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
D:\PROGRAM FILES\SOGOUINPUT\4.2.2.2732\RESOURCE.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
C:\WINDOWS\SYSTEM32\SSCMNTR.EXEC:\WINDOWS\SYSTEM32\CSRSS.EXEC:\WINDOWS\SYSTEM32\TPSHOCKS.EXEC:\PROGRAM FILES\THINKPAD\TPSHOCKS\MUI\0804\TPSHOCKS.DLL
C:\WINDOWS\SYSTEM32\SENSOR.DLL
C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXEC:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\LENOVO\ENERGYCUT\KBDHOOK.DLL
D:\PROGRAM FILES\TENCENT\TM2008\BIN\TXPLATFORM.EXED:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\TENCENT\TM2008\BIN\TXPFPROXY.DLL
C:\WINDOWS\SYSTEM32\ALG.EXED:\PROGRAM FILES\RISING\RAV\RSTRAY.EXED:\PROGRAM FILES\RISING\RAV\COMSERV.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\RISING\RAV\RSLANG.DLL
D:\PROGRAM FILES\RISING\RAV\COMX3.DLL
D:\PROGRAM FILES\RISING\RAV\SYSLAY.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOMM.DLL
D:\PROGRAM FILES\RISING\RAV\RSXML.DLL
D:\PROGRAM FILES\RISING\RAV\MONSTATE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANEVNT.DLL
D:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RAV\RSCONF.DLL
D:\PROGRAM FILES\RISING\RAV\RSPALVD.DLL
D:\PROGRAM FILES\RISING\RAV\RAVBINTL.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\RISING\RAV\MRULEUI.DLL
D:\PROGRAM FILES\RISING\RAV\MONTRAY.DLL
D:\PROGRAM FILES\RISING\RAV\RAVITRAY.DLL
D:\PROGRAM FILES\RISING\RAV\RSMGINFO.DLL
D:\PROGRAM FILES\RISING\RAV\SCANLEAK.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\SCANPRXY.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.BASE_6.2.0.200809140300\WIN32\X86\NOTES2.EXED:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.BASE_6.2.0.200809140300\WIN32\X86\ECLIPSE_1114.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\CLASSIC\JVM.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9VM24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9THR24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9HOOKABLE24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9PRT24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9ZLIB24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\IVEREL24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9DMP24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\JSIG.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9JIT24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9GC24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9DYN24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9JVMTI24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9VRB24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\JCLSCAR_24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9SHR24.DLL
C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\JAVA.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\J9JAR24.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\ZIP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\NET.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.J2SE.WIN32.X86_1.6.0.20080709-200809140300\JRE\BIN\NIO.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLSXBE.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NXMLPROC.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNOTES.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\JS32.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NLSCCSTR.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NDGTS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\LTOUIN22.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\DATA\WORKSPACE\.CONFIG\ORG.ECLIPSE.OSGI\BUNDLES\369\1\.CP\SWT-WIN32-3448.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\DATA\WORKSPACE\.CONFIG\ORG.ECLIPSE.OSGI\BUNDLES\369\1\.CP\SWT-GDIP-WIN32-3448.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\DATA\WORKSPACE\.CONFIG\ORG.ECLIPSE.OSGI\BUNDLES\538\1\.CP\OS\WIN32\NOTESBOOTSTRAP.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NNOTESWC.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\NSTRINGS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.NET.STATUS.WIN32_6.1.0.0-200809140300\OS\WIN32\X86\RCP_NETSTATUS.DLL
D:\PROGRAM FILES\IBM\LOTUS\NOTES\FRAMEWORK\RCP\ECLIPSE\PLUGINS\COM.IBM.RCP.OS.WIN32_6.2.0.200809140300\OS\WIN32\X86\OS.DLL
C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXEC:\PROGRAM FILES\LENOVO\ENERGYCUT\HOOKLIB.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\PSQLTRAY.EXEC:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\PSQLTRAY.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\REMOTE.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\HOMEFUS2.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\BIO.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\APPLAUN.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\PWDBANK.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\HOMEPASS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\TCSKIN.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\TPMKEY.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFCORE.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\TSSCORE.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\MS2FS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FDHOME.DLL
D:\PROGRAM FILES\LENOVO\SYSIC\SYSICUD.EXED:\PROGRAM FILES\LENOVO\SYSIC\FILECTRL.DLL
D:\PROGRAM FILES\RISING\RFW\RSTRAY.EXED:\PROGRAM FILES\RISING\RFW\COMSERV.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\RISING\RFW\RSLANG.DLL
D:\PROGRAM FILES\RISING\RFW\COMX3.DLL
D:\PROGRAM FILES\RISING\RFW\SYSLAY.DLL
D:\PROGRAM FILES\RISING\RFW\PROCCOMM.DLL
D:\PROGRAM FILES\RISING\RFW\RSXML.DLL
D:\PROGRAM FILES\RISING\RFW\MONSTATE.DLL
D:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
D:\PROGRAM FILES\RISING\RFW\RSCONF.DLL
D:\PROGRAM FILES\RISING\RFW\RSPALVD.DLL
D:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RFW\RAVBINTL.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\RISING\RFW\RSNETSVR.DLL
D:\PROGRAM FILES\RISING\RFW\RSMGINFO.DLL
D:\PROGRAM FILES\RISING\RFW\RFWTRAY.DLL
D:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
D:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\TPHDEXLG.EXED:\PROGRAM FILES\RISING\RAV\RSCONFIG.EXEC:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\RISING\RAV\RSPALMGR.DLL
D:\PROGRAM FILES\RISING\RAV\RSXML.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
D:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RAV\RAVBINTL.DLL
D:\PROGRAM FILES\RISING\RAV\SYSLAY.DLL
C:\WINDOWS\SYSTEM32\NORMALIZ.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
D:\PROGRAM FILES\RISING\RAV\RSLANG.DLL
D:\PROGRAM FILES\RISING\RAV\RSCONF.DLL
D:\PROGRAM FILES\RISING\RAV\RSPALVD.DLL
D:\PROGRAM FILES\RISING\RAV\MRULEUI.DLL
D:\PROGRAM FILES\RISING\RAV\RSTASK.DLL
D:\PROGRAM FILES\RISING\RAV\RSNETSVR.DLL
D:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOMM.DLL
D:\PROGRAM FILES\RISING\RAV\RSCONFIG.DLL
D:\PROGRAM FILES\RISING\RAV\MONCFG.DLL
D:\PROGRAM FILES\RISING\RAV\DEFCFG.DLL
D:\PROGRAM FILES\RISING\RAV\PUBCFG.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\FARCHNS.DLL
C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\INFRA.DLL
D:\PROGRAM FILES\RISING\RAV\COMX3.DLL
G:\RSDETECT.EXED:\PROGRAM FILES\360\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL
普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunNvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
nwiz = NWIZ.EXE /INSTALL
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL,NVTASKBARINIT
EnergyUtility = C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXE
EnergyCut = C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXE
PSQLLauncher = "C:\PROGRAM FILES\LENOVOSECURITYSOLUTION FP\LAUNCHER.EXE" /STARTUP
IgfxTray = C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
TpShocks = TPSHOCKS.EXE
RTHDCPL = RTHDCPL.EXE
360Safetray = D:\PROGRAM FILES\360\360SAFE\SAFEMON\360TRAY.EXE /START
RavTray = "D:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE" -SYSTEM
RFWTray = "D:\PROGRAM FILES\RISING\RFW\RSTRAY.EXE" -SYSTEM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs =
系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "D:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde
其它启动项
WIN.INI无信息
SYSTEM.INISHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr
Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notifycrypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
dimsntfy = C:\WINDOWS\SYSTEM32\DIMSNTFY.DLL
igfxcui = IGFXDEV.DLL
psfus = C:\WINDOWS\SYSTEM32\PSQLPWD.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
WgaLogon = WGALOGON.DLL
wlballoon = WLNOTIFY.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonUserinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE
IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{01443AEC-0FD1-40fd-9C87-E93D1494C233} = D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = NULL
{889D2FEB-5411-4565-8998-1DD2C5261283} = d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} = C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO3.dll
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} = D:\Program Files\360\360Safe\safemon\safemon.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} = C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1A02D7C-CD0D-4317-AA34-E72F320A4D30}] SEQPACKET 10 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1A02D7C-CD0D-4317-AA34-E72F320A4D30}] DATAGRAM 10 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5D74DFE-57DC-4362-841A-DBF1CED57AF0}] SEQPACKET 9 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5D74DFE-57DC-4362-841A-DBF1CED57AF0}] DATAGRAM 9 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{64A25668-C9E6-49D2-BA8F-36783AC545DE}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{64A25668-C9E6-49D2-BA8F-36783AC545DE}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB5AA142-34A9-40CB-B76E-02F65A97D646}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB5AA142-34A9-40CB-B76E-02F65A97D646}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{20BEE568-4916-4635-A8D1-D0FBC0E9EB4C}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{20BEE568-4916-4635-A8D1-D0FBC0E9EB4C}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{23DC56E2-9501-4351-A566-8B3B66737B4A}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{23DC56E2-9501-4351-A566-8B3B66737B4A}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D6AB726-FFF7-4D55-97CC-7B8EED349E65}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D6AB726-FFF7-4D55-97CC-7B8EED349E65}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DDB353D-877A-4258-BF57-F48AEB00413A}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DDB353D-877A-4258-BF57-F48AEB00413A}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51464779-F5F6-440A-A897-E3FAE76192B4}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51464779-F5F6-440A-A897-E3FAE76192B4}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D705D259-4249-4AB3-929C-0921F5592B6E}] SEQPACKET 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D705D259-4249-4AB3-929C-0921F5592B6E}] DATAGRAM 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{21A57617-9D4B-45A5-8A6E-D3F89BCFC7F4}] SEQPACKET 8 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{21A57617-9D4B-45A5-8A6E-D3F89BCFC7F4}] DATAGRAM 8 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
VMCI sockets DGRAM = D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VSOCKLIB.DLL
VMCI sockets STREAM = D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VSOCKLIB.DLL
系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services360rp = D:\PROGRAM FILES\360\360SD\360RP.EXE
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
aspnet_state = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Bonjour Service = "C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE"
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
btwdins = C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
clr_optimization_v2.0.50727_32 = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CPUCooLServer = D:\PROGRAM FILES\CPUCOOL\COOLSRV.EXE
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
Dot3svc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K DOT3SVC
EapHost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K EAPSVCS
EBOOSTRSVC = D:\PROGRAM FILES\EBOOSTR\EBSTRSVC.EXE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FLEXnet Licensing Service = "C:\PROGRAM FILES\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE"
FontCache3.0.0.0 = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WPF\PRESENTATIONFONTCACHE.EXE
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
hkmsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
idsvc = "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\INFOCARD.EXE"
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
JavaQuickStarterService = "C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE" -SERVICE -CONFIG "C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\JQS.CONF"
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Lotus Notes Diagnostics = "D:\PROGRAM FILES\IBM\LOTUS\NOTES\NSD.EXE" -SVCINVOKE -INI "D:\PROGRAM FILES\IBM\LOTUS\NOTES\NOTES.INI"
MDM = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
msvsmon80 = "C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 8\COMMON7\IDE\REMOTE DEBUGGER\X86\MSVSMON.EXE" /SERVICE MSVSMON80
napagent = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NetTcpPortSharing = "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE"
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
odserv = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE12\ODSERV.EXE"
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
rpcapd = "%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsRavMon = D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
RsRFWMon = D:\PROGRAM FILES\RISING\RFW\RAVMOND.EXE
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SbieSvc = "D:\PROGRAM FILES\SANDBOXIE\SBIESVC.EXE"
scan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BDX
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SLUSrvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K SLUSRVC
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSCMntr = C:\WINDOWS\SYSTEM32\SSCMNTR.EXE
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
STCAgent = C:\PROGRAM FILES\CISCO SYSTEMS\SSL VPN CLIENT\AGENT.EXE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{1A963DD2-8708-4932-ACE5-6327036AD264}
SysICUD = D:\PROGRAM FILES\LENOVO\SYSIC\SYSICUD.EXE
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TPHDEXLGSVC = C:\WINDOWS\SYSTEM32\TPHDEXLG.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ufad-ws60 = "D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VMWARE-UFAD.EXE" -D "D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\\" -S UFAD-P2V.XML
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VMAuthdService = "D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VMWARE-AUTHD.EXE"
VMnetDHCP = C:\WINDOWS\SYSTEM32\VMNETDHCP.EXE
vmount2 = "C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE"
VMware NAT Service = C:\WINDOWS\SYSTEM32\VMNAT.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
WinDefend = "C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE"
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WinTarget = "D:\PROGRAM FILES\STRING BEAN SOFTWARE\WINTARGET\WINTARGET.EXE"
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
WMPNetworkSvc = "C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE"
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WudfSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServiceseBoost = C:\WINDOWS\SYSTEM32\DRIVERS\EBOOST.SYS
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
ISODrive = D:\PROGRAM FILES\ULTRAISO\DRIVERS\ISODRIVE.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services360AntiArp = C:\WINDOWS\SYSTEM32\DRIVERS\360ANTIARP.SYS
360SelfProtection = C:\WINDOWS\SYSTEM32\DRIVERS\360SELFPROTECTION.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
ACPIEC = C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS
ACPIVPC = C:\WINDOWS\SYSTEM32\DRIVERS\ACPIVPC.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
Arp1394 = C:\WINDOWS\SYSTEM32\DRIVERS\ARP1394.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
b57w2k = C:\WINDOWS\SYSTEM32\DRIVERS\B57XP32.SYS
BFSDRV = C:\WINDOWS\SYSTEM32\DRIVERS\BFSDRV.SYS
BREGDRV = C:\WINDOWS\SYSTEM32\DRIVERS\BREGDRV.SYS
btaudio = C:\WINDOWS\SYSTEM32\DRIVERS\BTAUDIO.SYS
BTDriver = C:\WINDOWS\SYSTEM32\DRIVERS\BTPORT.SYS
BTKRNL = C:\WINDOWS\SYSTEM32\DRIVERS\BTKRNL.SYS
BTWDNDIS = C:\WINDOWS\SYSTEM32\DRIVERS\BTWDNDIS.SYS
btwmodem = C:\WINDOWS\SYSTEM32\DRIVERS\BTWMODEM.SYS
BTWUSB = C:\WINDOWS\SYSTEM32\DRIVERS\BTWUSB.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
CmBatt = C:\WINDOWS\SYSTEM32\DRIVERS\CMBATT.SYS
Compbatt = C:\WINDOWS\SYSTEM32\DRIVERS\COMPBATT.SYS
CSVirtA = C:\WINDOWS\SYSTEM32\DRIVERS\CSVIRTA.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
EfiMon = C:\WINDOWS\SYSTEM32\DRIVERS\EFIMON.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
hcmon = C:\WINDOWS\SYSTEM32\DRIVERS\HCMON.SYS
HDAudBus = C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
hidusb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
hookcont = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKCONT.SYS
HookPort = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKPORT.SYS
hooksys = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKSYS.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
ialm = C:\WINDOWS\SYSTEM32\DRIVERS\IGXPMP32.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntcAzAudAddService = C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kbdhid = C:\WINDOWS\SYSTEM32\DRIVERS\KBDHID.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
NETw4x32 = C:\WINDOWS\SYSTEM32\DRIVERS\NETW4X32.SYS
NIC1394 = C:\WINDOWS\SYSTEM32\DRIVERS\NIC1394.SYS
nm = C:\WINDOWS\SYSTEM32\DRIVERS\NMNT.SYS
NPF = C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
ohci1394 = C:\WINDOWS\SYSTEM32\DRIVERS\OHCI1394.SYS
Packet = C:\WINDOWS\SYSTEM32\DRIVERS\PROTODRV.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
Pcmcia = C:\WINDOWS\SYSTEM32\DRIVERS\PCMCIA.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RFWARP = C:\WINDOWS\SYSTEM32\DRIVERS\RFWARP.SYS
RfwBase9 = C:\WINDOWS\SYSTEM32\DRIVERS\RFWBASE.SYS
rfwtdi = D:\PROGRAM FILES\RISING\RFW\RFWTDI.SYS
rimmptsk = C:\WINDOWS\SYSTEM32\DRIVERS\RIMMPTSK.SYS
rimsptsk = C:\WINDOWS\SYSTEM32\DRIVERS\RIMSPTSK.SYS
ROCKEYNT = C:\WINDOWS\SYSTEM32\DRIVERS\ROCKEY4.SYS
rsfwdrv = D:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RsNTGDI = C:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS
SafeBoxKrnl = C:\WINDOWS\SYSTEM32\DRIVERS\SAFEBOXKRNL.SYS
SbieDrv = D:\PROGRAM FILES\SANDBOXIE\SBIEDRV.SYS
ScsiPort = C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS
sdbus = C:\WINDOWS\SYSTEM32\DRIVERS\SDBUS.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
Serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
Shockprf = C:\WINDOWS\SYSTEM32\DRIVERS\APSX86.SYS
smserial = C:\WINDOWS\SYSTEM32\DRIVERS\SMSERIAL.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
SSCBus = C:\WINDOWS\SYSTEM32\DRIVERS\SSCBUS.SYS
SscRdBus = C:\WINDOWS\SYSTEM32\DRIVERS\SSCRDBUS.SYS
SSCRDisk = C:\WINDOWS\SYSTEM32\DRIVERS\SSCRDISK.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
SysICDrv = C:\WINDOWS\SYSTEM32\DRIVERS\SYSICDRV.SYS
tcm = C:\WINDOWS\SYSTEM32\DRIVERS\TCM.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TcUsb = C:\WINDOWS\SYSTEM32\DRIVERS\TCUSB.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TPDIGIMN = C:\WINDOWS\SYSTEM32\DRIVERS\APSHM86.SYS
UnlockerDriver5 = D:\PROGRAM FILES\UNLOCKER\UNLOCKERDRIVER5.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbccgp = C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VBoxDrv = C:\WINDOWS\SYSTEM32\DRIVERS\VBOXDRV.SYS
VBoxNetAdp = C:\WINDOWS\SYSTEM32\DRIVERS\VBOXNETADP.SYS
VBoxNetFlt = C:\WINDOWS\SYSTEM32\DRIVERS\VBOXNETFLT.SYS
VBoxUSBMon = C:\WINDOWS\SYSTEM32\DRIVERS\VBOXUSBMON.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
vmci = C:\WINDOWS\SYSTEM32\DRIVERS\VMCI.SYS
vmkbd = C:\WINDOWS\SYSTEM32\DRIVERS\VMKBD.SYS
VMnetAdapter = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETADAPTER.SYS
VMnetBridge = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETBRIDGE.SYS
VMnetuserif = C:\WINDOWS\SYSTEM32\DRIVERS\VMNETUSERIF.SYS
vmx86 = C:\WINDOWS\SYSTEM32\DRIVERS\VMX86.SYS
vstor2 = C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VSTOR2.SYS
vstor2-ws60 = D:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VSTOR2-WS60.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WmiAcpi = C:\WINDOWS\SYSTEM32\DRIVERS\WMIACPI.SYS
WS2IFSL = C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
WudfPf = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFPF.SYS
WudfRd = C:\WINDOWS\SYSTEM32\DRIVERS\WUDFRD.SYS