路径:C盘下的IEXPLORE.EXE
名字:模块覆盖型灰鸽子

用瑞星专杀查出来的,
问我是否删除,我点是!
我晕 蓝屏. 从起后在杀,还是一样.

【回复“jinjianhong”的帖子】
    我也中了和你一样的灰鸽子。
但我点清除后就提示失败，然后就结束了在内存中的病毒进程。
  重起后在查还是有！
我现在头都大了！~~~~~~~~~
 
    也希望版主能帮帮忙啊！~~~~~~~~~~

请下载并使用HijackThis1.99.1,把HijackThis
                  1.99.1生成的log日志文件的内容贴上来，方便大家分析。

                  有关操作方法可参考：
                  【推荐】反浏览器劫持的一些常用操作
                  http://forum.ikaka.com/topic.asp?board=67&artid=6490491

Logfile of HijackThis v1.99.1
Scan saved at 19:09:33, on 2006-4-20
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

运行进程:           
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Maxthon\Thundermini\ThunderMini.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\PerfectDisk\PDSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
E:\杀毒\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\System32\socul.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - Toolbar: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Maxthon\Thundermini\ThunderMini.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用DuDu 加速器下载全部链接 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/203
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - Extra 'Tools' menuitem: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - Extra button: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
O9 - Extra button: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (文件故障)
O9 - Extra button: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (文件故障)
O17 - HKLM\System\CCS\Services\Tcpip\..\{51C398A0-960C-4E30-813E-96B25ABAF75E}: NameServer = 202.103.24.68 202.103.0.68



谢谢帮忙解决!~~~~~~~~~~~~~~~~~~~~

【回复“※丞丞※”的帖子】
日志不全，再扫几次试试，必须有023服务项（灰鸽子最主要的特征就是023项中的异常项目）。如果一直扫不出来，就只能改用别的工具了。

我扫了N遍还是只能扫到018项，所以我改用了“瑞星听诊器4.1”，不知道行不行？？





未知家族病毒分析
扫描结果:
C:\Program Files\Internet Explorer\IEXPLORE.EXE --> 与 Backdoor.Gpigeon 100%相似.


系统活动进程
C:\PROGRAM FILES\CFOSSPEED\SPD.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\LANG.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL

C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL

C:\PROGRAM FILES\P4P\P2PSVR.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\PROGRAM FILES\TENCENT\QQ\CORALASSIST.DLL
C:\PROGRAM FILES\TENCENT\QQ\CORALQQ.DLL
C:\PROGRAM FILES\TENCENT\QQ\IPSEARCHER.DLL
C:\PROGRAM FILES\TENCENT\QQ\MSVCR80.DLL
C:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
C:\PROGRAM FILES\TENCENT\QQ\MSVCP80.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQBASECLASSINDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQHELPERDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\BASICCTRLDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\RICHED32.DLL
C:\PROGRAM FILES\TENCENT\QQ\RICHED20.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQAPI.DLL
C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL
C:\PROGRAM FILES\TENCENT\QQ\LOGINCTRL.DLL
C:\PROGRAM FILES\TENCENT\QQ\NPKCNTC.DLL
C:\PROGRAM FILES\TENCENT\QQ\NPKPDB.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQRES.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQMAINFRAME.DLL
C:\PROGRAM FILES\TENCENT\QQ\CQQAPPLICATION.DLL
C:\PROGRAM FILES\TENCENT\QQ\NEWSKIN.DLL
C:\PROGRAM FILES\TENCENT\QQ\HOSTINGMGR.DLL
C:\PROGRAM FILES\TENCENT\QQ\CAMERADLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\MAILSUMMARY.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQSPACE.DLL
C:\PROGRAM FILES\TENCENT\QQ\VBSCRIPT.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQGROUPMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQCONFIGPLUGIN.DLL
C:\PROGRAM FILES\TENCENT\QQ\USERDEFINEDHEAD.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQSYSMSGMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\QRINGMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\PHONEAPI.DLL
C:\PROGRAM FILES\TENCENT\QQ\DIALERALLINONE.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\TENCENT\QQ\QQAVATAR.DLL
C:\PROGRAM FILES\TENCENT\QQ\FLASHAVATARDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\LONGCONNECTION.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPET.DLL
C:\PROGRAM FILES\TENCENT\QQ\BQQAPPLICATION.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPLUGIN.DLL
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\SHELLHOOK.DLL
C:\PROGRAM FILES\TENCENT\QQ\MSVCR71.DLL
C:\PROGRAM FILES\TENCENT\QQ\COMMERCESMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\PERSONALDESKTOP.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQUDPGETFILELIB.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQADDR.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQALLINONE.DLL
C:\PROGRAM FILES\TENCENT\QQ\SCCORE.DLL
C:\PROGRAM FILES\TENCENT\QQ\GDIPLUS.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQCUSTOMFACE.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\PROGRAM FILES\TENCENT\QQ\IMAGEOLE.DLL
C:\PROGRAM FILES\TENCENT\QQ\VQQMODULE.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQSCENEMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPHONEHELPER.DLL
C:\PROGRAM FILES\TENCENT\QQ\GROUPCONNECTION.DLL
C:\WINDOWS\SYSTEM32\MSADP32.ACM
C:\PROGRAM FILES\TENCENT\QQ\QQMAGICFACE.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPTED.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\PERFECTDISK\PDSCHED.EXE
C:\PROGRAM FILES\PERFECTDISK\PDCOMMON.DLL
C:\PROGRAM FILES\PERFECTDISK\PDLANGEN.DLL
C:\PROGRAM FILES\PERFECTDISK\PDSCHEDPS.DLL
C:\PROGRAM FILES\PERFECTDISK\PDENGINEPS.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\SHELLHOOK.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V4.DLL
C:\PROGRAM FILES\COOLWEBSITE\QUICKLINK.DLL
C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
C:\PROGRA~1\FLASHGET\JCCATCH.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\TUNEUP UTILITIES 2006\SDSHELEX.DLL
C:\PROGRAM FILES\TUNEUP UTILITIES 2006\RTL60.BPL
C:\PROGRAM FILES\TUNEUP UTILITIES 2006\VCL60.BPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\CONTEXT.DLL
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\LANG.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL

C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\DAEMON.DLL
C:\PROGRAM FILES\D-TOOLS\PFCTOC.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\CCDMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\MDSMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\PDIMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\NRGMOUNT.DLL
C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\BW5MOUNT.DLL

C:\PROGRAM FILES\MAXTHON\THUNDERMINI\THUNDERMINI.EXE
C:\PROGRAM FILES\MAXTHON\THUNDERMINI\BOOST_THREAD-VC6-MT-1_31.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE
C:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE
C:\PROGRAM FILES\SKYNET\FIREWALL\SKYMISC.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\CTFMON.EXE
D:\新建文件夹 (2)\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE
C:\PROGRAM FILES\MAXTHON\MAXZLIB.DLL
C:\WINDOWS\SYSTEM32\ODBCBCP.DLL
C:\PROGRAM FILES\P4P\TOOLBAR.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPSCRCH.DLL
C:\PROGRAM FILES\MAXTHON\SERVICES\REALTIME\REAL_TIME.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\IMSC40A.IME
C:\WINDOWS\SYSTEM32\PNCRT.DLL
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\PNRS3260.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\P4P\FEED.DLL
C:\PROGRA~1\P4P\TOOLBAR.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\P4P\TOOLBAR.DLL

C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
SoundMan = SOUNDMAN.EXE
DAEMON Tools-1033 = "C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE" -LANG 1033
thunder_mini = C:\PROGRAM FILES\MAXTHON\THUNDERMINI\THUNDERMINI.EXE
cFosSpeed = C:\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
SKYNET Personal FireWall = C:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = C:\WINDOWS\SYSTEM32\CTFMON.EXE


系统文件关联
.exe ==> exefile = %1%*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\System32\xunleibho_v4.dll
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} = C:\Program Files\P4P\sodaie.dll
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} = C:\Program Files\CoolWebsite\QuickLink.dll
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
{38928D50-8A48-44C2-945F-D2F23F771410} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} = C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = C:\Program Files\Tencent\QQ\QQIEHelper.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
{A5366673-E8CA-11D3-9CD9-0090271D075B} = C:\PROGRA~1\FLASHGET\jccatch.dll
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} = C:\Program Files\Infofo Bar\infofobar.dll

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B917BA0-9245-4371-8777-9DF697F73B56}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B917BA0-9245-4371-8777-9DF697F73B56}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0CFDD02-9CF9-4E17-85E8-F7D7267F93DC}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0CFDD02-9CF9-4E17-85E8-F7D7267F93DC}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAC64F47-97D7-469A-A43C-8418D2177AEC}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAC64F47-97D7-469A-A43C-8418D2177AEC}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF73AC50-E393-401E-9928-6B63648ECD66}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF73AC50-E393-401E-9928-6B63648ECD66}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1824CD2-3E19-49A3-90AB-FE45C19E4AF8}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1824CD2-3E19-49A3-90AB-FE45C19E4AF8}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{29F1E97F-3D62-4C3A-A380-4F26524714F0}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{29F1E97F-3D62-4C3A-A380-4F26524714F0}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51C398A0-960C-4E30-813E-96B25ABAF75E}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51C398A0-960C-4E30-813E-96B25ABAF75E}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cFosSpeedS = "C:\PROGRAM FILES\CFOSSPEED\SPD.EXE" -SERVICE
cisvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DATEING = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,EXPORT 1087
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Distributed Link Tracking Clie = C:\WINDOWS\CACHE.EXE
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ewido security suite control = C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE
ewido security suite guard = C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOGUARD.EXE
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
kavsvc = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE"
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
License = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
ose = C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE
P4P Service = C:\PROGRAM FILES\P4P\P2PSVR.EXE
PDEngine = C:\PROGRAM FILES\PERFECTDISK\PDENGINE.EXE
PDSched = C:\PROGRAM FILES\PERFECTDISK\PDSCHED.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
rpcapd = "%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{6EB726DF-47EF-40D9-B6AD-8961BCF4324B}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
usprserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Windows XP Vista = C:\WINDOWS\WINDOSSP.INI
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wxpdll32 = "C:\WINDOWS\WXPDLL32.EXE"
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
cFosSpeed = C:\WINDOWS\SYSTEM32\DRIVERS\CFOSSPEED.SYS
d347bus = C:\WINDOWS\SYSTEM32\DRIVERS\D347BUS.SYS
d347prt = C:\WINDOWS\SYSTEM32\DRIVERS\D347PRT.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
dtscsi = C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
EagleNT = C:\WINDOWS\SYSTEM32\DRIVERS\EAGLENT.SYS
ENTECH = C:\WINDOWS\SYSTEM32\DRIVERS\ENTECH.SYS
ewido security suite driver = C:\PROGRAM FILES\EWIDO ANTI-MALWARE\GUARD.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
ids00026 = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY ANTI-VIRUS PERSONAL\5.0\BASES\IDS00026.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
ISP68X = C:\WINDOWS\SYSTEM32\DRIVERS\ISP68X.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
Klick = C:\WINDOWS\SYSTEM32\DRIVERS\KLICK.SYS
Klif = C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Klin = C:\WINDOWS\SYSTEM32\DRIVERS\KLIN.SYS
Klmc = C:\WINDOWS\SYSTEM32\DRIVERS\KLMC.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
nm = C:\WINDOWS\SYSTEM32\DRIVERS\NMNT.SYS
NPF = C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
npkycryp = C:\PROGRAM FILES\TENCENT\QQ\NPKYCRYP.SYS
NPPTNT2 = C:\WINDOWS\SYSTEM32\NPPTNT2.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
oreans32 = C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
prodrv06 = C:\WINDOWS\SYSTEM32\DRIVERS\PRODRV06.SYS
prohlp02 = C:\WINDOWS\SYSTEM32\DRIVERS\PROHLP02.SYS
prosync1 = C:\WINDOWS\SYSTEM32\DRIVERS\PROSYNC1.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
PSXGamepadEnabler = C:\WINDOWS\SYSTEM32\DRIVERS\PSXPAD.SYS
PsxPortEnumerator = C:\WINDOWS\SYSTEM32\DRIVERS\PSXENUM.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sfhlp01 = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP01.SYS
SKNFW = C:\WINDOWS\SYSTEM32\DRIVERS\SKNFW.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
SVKP = C:\WINDOWS\SYSTEM32\SVKP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TSP = C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
vctxkyin = C:\WINDOWS\SYSTEM32\DRIVERS\VCTXKYIN.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS


以上就是我用“瑞星听诊器4.1”扫描的日志