瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】离奇的回收站和IE浏栏器

12   1  /  2  页   跳转

【求助】离奇的回收站和IE浏栏器

收藏
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:06 | 只看楼主 短消息 资料
字号: 1楼

【求助】离奇的回收站和IE浏栏器

回收站根本打不开..双击就死机了...(其他功能正常)
F8安全模式可以顺利打开..清空后回到一般模式又是一样的...
瑞星全面杀毒未发现病毒...
开机后打开网站文字很大...修改后无效[<查看>/<文字大小>]大概十分钟后出现一个蓝色动画.好像是Windows 的标识,而且小助手卡卡的头像会跳一下...后文字恢复的正常大小
开机后什么程序也不动.进入..<开始>/><注销>/<切换用户>后回到开机的那个用户会出现..四个程序正在运行
最后编辑2006-05-13 14:35:55
分享到:
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2006-05-12 15:07 | 短消息 资料
字号: 2楼

【回复“Q理俊Q”的帖子】
之前进行了什么操作?
gototop
 
ttgyb
头像
初生襁褓狮
  • 帖子:85
  • 注册: 2006-04-13
  • 来自:
发表于: 2006-05-12 15:14 | 短消息 资料
字号: 3楼

之前卸载过什么?ie是什么版本,是否出现过桌面上ie图标无法打开网页而只能通过X:\Program Files\Internet Explorer\IEXPLORE.exe才可访问网页的情况?
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:16 | 只看楼主 短消息 资料
字号: 4楼

四月底浏栏网站的时候有病毒警告..后来删除了病毒..
五月一号中午突然断电后网络就不能用.
后来才注意到回收站不能打开
网络一直到昨天下午才搞定.但是就是开始文字很大...
其他没有没有什么操作.
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:27 | 只看楼主 短消息 资料
字号: 5楼

【回复“ttgyb”的帖子】 没有那种情况
我以为是
五月七日:
病毒名称:蠕虫病毒阿芙伦
病毒发作特征:系统运行速度明显变慢,正在运行的反病毒软件突然关闭。
感染(破坏)文件:修改注册表的启动项,使之能在下次系统启动时被激活。病毒会隐藏在所有硬盘的回收站中,是一个文件名为随机字符串的EXE文件。同时,五月十一日该病毒也会发作
我以为是这个病毒..下载了瑞星的RavAvron.exe阿芙伦病毒的专杀软件.运行后就会出现一个错误报告AppName: ravavron.exe AppVer: 1.1.0.3 ModName: unknown
ModVer: 0.0.0.0 Offset: 6e28f9d7
以下文件将会出现在错误报告中
C:\DOCUME~1\yx\LOCALS~1\Temp\a5e6_appcompat.txt
以下是这个文件的内容
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="RavAvron.exe" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="RavAvron.exe" SIZE="113152" CHECKSUM="0x282CA9" BIN_FILE_VERSION="1.1.0.3" BIN_PRODUCT_VERSION="1.1.0.3" PRODUCT_VERSION="1, 1, 0, 3" FILE_DESCRIPTION="RavAvron" COMPANY_NAME="Beijing Rising Tech. Co., Ltd." PRODUCT_NAME="Rising RavAvron" FILE_VERSION="1, 1, 0, 3" ORIGINAL_FILENAME="RavAvron.exe" INTERNAL_NAME="RavAvron" LEGAL_COPYRIGHT="Copyright ? 2002" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.3" UPTO_BIN_PRODUCT_VERSION="1.1.0.3" LINK_DATE="01/16/2003 05:56:15" UPTO_LINK_DATE="01/16/2003 05:56:15" VER_LANGUAGE="中文(中国) [0x804]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="1144320" CHECKSUM="0xECE8734" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft(R) Windows(R) Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="(C) Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11E311" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:52:00" UPTO_LINK_DATE="08/04/2004 07:52:00" VER_LANGUAGE="中文(中国) [0x804]" />
</EXE>
</DATABASE>
gototop
 
叶·幽思
头像
横据古稀狮
  • 帖子:7280
  • 注册: 2005-09-01
  • 来自:Town
冰激凌
发表于: 2006-05-12 15:31 | 短消息 资料
字号: 6楼

你有没有看到你不熟悉的什么进程?
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:37 | 只看楼主 短消息 资料
字号: 7楼

我用了瑞星听诊器未发现可疑的东西
未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YNOTIFIER.DLL

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDSXX.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDXXX.DLL

C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SERVEHOST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
G:\PROGRAM FILES\UGS\LICENSE SERVERS\UGNXFLEXLM\LMGRD.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
G:\PROGRAM FILES\UGS\LICENSE SERVERS\UGNXFLEXLM\UGLMD.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\CNBJMON2.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\VPRPROC.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRA~1\WINDOW~2\WMPBAND.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\WINDOWS\DOWNLO~1\GLADIATOR.DLL
C:\PROGRA~1\YOK.COM\SUPERS~1\YOK_SUPERSEARCH.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V14.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\PROGRAM FILES\SEARCHNET\SRVNET32.DLL
C:\PROGRAM FILES\COOLWEBSITE\QUICKLINK.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL
C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\JPWB.IME
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\PENCHS.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\SEARCHNET\SEARCHNET.EXE
C:\PROGRAM FILES\SEARCHNET\SRVNET32.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DOWNLO~1\GLADIATOR.DLL

C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\SEARCHNET\SRVNET32.DLL

G:\RSDETECT.EXE
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\SEARCHNET\SRVNET32.DLL

C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\THUNDER.EXE
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\UPDATEDOWNLOAD.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\DOWNLOAD_INTERFACE.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\LOG4CPLUS.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\STLPORT_VC646.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\MSGMANAGE.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\HISTORYINFO_MANAGE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\IEMBED.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\REGISTERDLL.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\FLOATBAR.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\ITARGETAD.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\PENCHS.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\SEARCHNET\SRVNET32.DLL
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
SoundMan = SOUNDMAN.EXE
ATIPTA = C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
SearchNet_Up = "C:\PROGRAM FILES\SEARCHNET\SERVEUP.EXE"
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
YLive.exe = C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
StormCodec_Helper = "C:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\STORMSET.EXE" /S /OPTI
CdnCtr = (NULL)
YOKAssiant = RUNDLL32.EXE C:\PROGRA~1\YOK.COM\SUPERS~1\YOK_SUPERSEARCH.DLL,YOKASSIANT
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
IESAddr = RUNDLL32 "C:\WINDOWS\DOWNLO~1\GLADIATOR.DLL",BOOT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE" /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:39 | 只看楼主 短消息 资料
字号: 8楼


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = EXPLORER.EXE


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\system32\xunleibho_v14.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{08A312BB-5409-49FC-9347-54BB7D069AC6} = C:\PROGRA~1\DESKAD~1\deskipn.dll
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} = C:\Program Files\CoolWebsite\QuickLink.dll
{2A0176FE-008B-4706-90F5-BBA532A49731} = C:\Program Files\SearchNet\SNHpr.dll
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
{38928D50-8A48-44C2-945F-D2F23F771410} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} = C:\WINDOWS\Downlo~1\IEHpr.dll
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = C:\Program Files\Tencent\QQ\QQIEHelper.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
{6671A431-5C3D-463d-A7CF-5587F9B7E191} = C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} = C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:\WINDOWS\downlo~1\CnsHook.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1E4B04B-E932-4F8D-9C93-F94448B795EC}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1E4B04B-E932-4F8D-9C93-F94448B795EC}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFD2C4F-574C-47B2-840D-C2CB1A24A6E7}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFD2C4F-574C-47B2-840D-C2CB1A24A6E7}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9612A876-FADB-42BC-8717-4E134D60DEE0}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9612A876-FADB-42BC-8717-4E134D60DEE0}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:39 | 只看楼主 短消息 资料
字号: 9楼

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
ATI Smart = C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
C-DillaCdaC11BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DATEING = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,EXPORT 1087
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
GrooveInstallerService = C:\PROGRAM FILES\GROOVE NETWORKS\GROOVE\BIN\GROOVEINSTALLERSERVICE.EXE
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
License = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
Remote Log = C:\WINDOWS\SYSTEM32\SERVEHOST.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{DECFE938-CDDB-4FDB-8E3E-006DFD3540E4}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
Unigraphics License Server (uglmd) = "G:\PROGRAM FILES\UGS\LICENSE SERVERS\UGNXFLEXLM\LMGRD.EXE"
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
gototop
 
Q理俊Q
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-05-12
  • 来自:
发表于: 2006-05-12 15:40 | 只看楼主 短消息 资料
字号: 10楼

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
ALCXSENS = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXSENS.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
Anfad = C:\WINDOWS\SYSTEM32\DRIVERS\ANFAD.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
CdaC15BA = C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
E100B = C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
FAD = C:\WINDOWS\SYSTEM32\DRIVERS\FAD.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
KWatch3 = C:\WINDOWS\SYSTEM32\DRIVERS\KWATCH3.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
njselg4yt = C:\WINDOWS\SYSTEM32\DRIVERS\NJSELG4YT.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
oshack23.sys = C:\WINDOWS\SYSTEM32\DRIVERS\OSHACK23.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
ROCKEYNT = C:\WINDOWS\SYSTEM32\DRIVERS\ROCKEYNT.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
Sense3 = C:\WINDOWS\SYSTEM32\DRIVERS\SENSE3.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SMBios = C:\WINDOWS\SYSTEM32\DRIVERS\SMBIOS.SYS
SONYPVU1 = C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
ykzcf = C:\WINDOWS\SYSTEM32\DRIVERS\YKZCF.SYS
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT