未知家族病毒分析
扫描结果（病毒库特征扫描）:
无可疑文件（注意：特征扫描未命中并不能排除感染；标题既为"未知家族"，应以下方的自启动项、Winsock SPI、BHO 与服务项作为主要人工核查依据）
系统活动进程（每个 .EXE 行之后紧接的条目应为工具报告在该进程中加载的模块——此格式为推断，请以原工具说明为准）
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRAM FILES\FREELAUNCHBAR\FLB.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
C:\PROGRAM FILES\SOGOUINPUT\PLUGIN\SGIMEWORD.DLL
D:\RISING\REGCALL.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\SYSTEM32\KAKAEXT.DLL
D:\新建ALIWANGWANG文件夹\ALIIMEXT.DLL
C:\WINDOWS\SYSTEM32\NDSSHEX.DLL
C:\WINDOWS\SYSTEM32\YOUKUDESKTOPSHELL.DLL
D:\飞速ITUDOU\TUDOUUPLOAD.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXEV.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\APPPATCH\ACADPROC.DLL
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\NAP32.DLL  ← 非已知的 Windows 标准组件名（待核实）；该模块出现在多个 SVCHOST.EXE 实例内，并与下方 Run 键中以 ms08_067_patch 名义自启动的 NAP32.EXE 同名，建议优先取样校验数字签名与哈希
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\PROGRAM FILES\RISING\RSD\RSMGRSVC.EXE
C:\PROGRAM FILES\RISING\RSD\COMX3.DLL
C:\PROGRAM FILES\RISING\RSD\SYSLAY.DLL
D:\RISING\RISING\RFW\RAVMOND.EXE
D:\RISING\RISING\RFW\COMBASE.DLL
D:\RISING\RISING\RFW\CNT09.DLL
D:\RISING\RISING\RFW\MONBASE.DLL
D:\RISING\RISING\RFW\MONCOMM.DLL
D:\RISING\RISING\RFW\RSCONF.DLL
D:\RISING\RISING\RFW\RFWLOG.DLL
D:\RISING\RISING\RFW\RFWRULE.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\RISING\RISING\RFW\RFWSRV.DLL
D:\RISING\RISING\RFW\SYSLAY.DLL
D:\RISING\RISING\RFW\MPORTS.DLL
D:\RISING\RISING\RFW\RFWDRVC.DLL
D:\RISING\RISING\RFW\FISHWEB.DLL
D:\RISING\RISING\RFW\RSINDENT.DLL
D:\RISING\RISING\RFW\TASKPLUG.DLL
D:\RISING\RISING\RFW\RFWPGDEF.DLL
D:\RISING\RISING\RFW\PROCCOMM.DLL
D:\RISING\RISING\RFW\COMX3.DLL
D:\RISING\RISING\RFW\RFWDRV.DLL
D:\RISING\RISING\RFW\RFWARP.DLL
D:\RISING\RISING\RFW\URLRULE.DLL
D:\RISING\RISING\RFW\RECOMP.DLL
D:\RISING\RISING\RFW\REFS.DLL
D:\RISING\RISING\RFW\VIRUSLIB.DLL
D:\RISING\RISING\RFW\RELIBLDR.DLL
D:\RISING\RISING\RFW\RFWPROXY.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
D:\RISING\RISING\RFW\RSLANG.DLL
D:\RISING\RISING\RFW\FWFISH.DLL
D:\RISING\RISING\RFW\FWCOMP.DLL
D:\RISING\RISING\RFW\FWFS.DLL
D:\RISING\RISING\RFW\FWVIRLIB.DLL
D:\RISING\RISING\RFW\FWLIBLDR.DLL
D:\RISING\RISING\RFW\RSTASK.DLL
D:\RISING\RISING\RFW\RSSTUB.DLL
D:\RISING\RISING\RFW\URLLIB.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\NAP32.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SYSTEM32\NAP32.DLL
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\FILTERPIPELINEPRINTPROC.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SDNT5UI.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SDDM32.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\ZSPOOL.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\ZGDI32.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\ZTAG32.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SDDMUI.DLL
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SR32.DLL
D:\RISING\RFB\RSSMOND.EXE
D:\RISING\RFB\COMBASE.DLL
D:\RISING\RFB\MONCOMM.DLL
D:\RISING\RFB\MONBASE.DLL
D:\RISING\RFB\RSSAFETYMONDRIVER.DLL
D:\RISING\RFB\RSSAFETYMON.DLL
D:\RISING\RFB\RSSVIRUSMON.DLL
D:\RISING\RFB\PROCCOMM.DLL
D:\RISING\RFB\COMX3.DLL
D:\RISING\RFB\SYSLAY.DLL
D:\RISING\RFB\RSSDB.DLL
D:\RISING\RFB\RSPROTECT.DLL
D:\RISING\RAV\RAVMOND.EXE
D:\RISING\RAV\COMBASE.DLL
D:\RISING\RAV\RSCONF.DLL
D:\RISING\RAV\SCANSRVP.DLL
D:\RISING\RAV\CNT09.DLL
D:\RISING\RAV\MONCOMM.DLL
D:\RISING\RAV\MONBASE.DLL
D:\RISING\RAV\RSLOG.DLL
D:\RISING\RAV\RSSTORE.DLL
D:\RISING\RAV\MONDRVD.DLL
D:\RISING\RAV\DEFMON.DLL
D:\RISING\RAV\MONCOM08.DLL
D:\RISING\RAV\TASKPLUG.DLL
D:\RISING\RAV\MONDRVM.DLL
D:\RISING\RAV\MONRULE.DLL
D:\RISING\RAV\FILEMON.DLL
D:\RISING\RAV\MAILMON.DLL
D:\RISING\RAV\RSINDENT.DLL
D:\RISING\RAV\CNT08.DLL
D:\RISING\RAV\PROCCOMM.DLL
D:\RISING\RAV\COMX3.DLL
D:\RISING\RAV\SYSLAY.DLL
D:\RISING\RAV\HOOKSYS.DLL
D:\RISING\RAV\PROCCOM.DLL
D:\RISING\RAV\RSCOMMX2.DLL
D:\RISING\RAV\RSTASK.DLL
D:\RISING\RAV\RSSTUB.DLL
D:\RISING\RAV\RSLANG.DLL
D:\RISING\RAV\HOOKTDI.DLL
D:\RISING\RAV\BACORE.DLL
D:\RISING\RAV\RECOMP.DLL
D:\RISING\RAV\REFS.DLL
D:\RISING\RAV\VIRUSLIB.DLL
D:\RISING\RAV\RELIBLDR.DLL
D:\RISING\RAV\RSNETSVR.DLL
D:\RISING\RAV\BAWHITE.DLL
D:\RISING\RAV\SCANADD.DLL
D:\RISING\RAV\SCANNER.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
D:\RISING\RAV\SCANSRV.DLL
D:\RISING\RAV\SCANPE.DLL
D:\RISING\RAV\PEARC.DLL
D:\RISING\RAV\ENGEXT.DLL
D:\RISING\RAV\FFR.DLL
D:\RISING\RAV\NVFILE.DLL
D:\RISING\RAV\SCANEXEC.DLL
D:\RISING\RAV\UNEXE.DLL
D:\RISING\RAV\SCANEX.DLL
D:\RISING\RAV\SCANTJ.DLL
D:\RISING\RAV\SCANSCT.DLL
D:\RISING\RAV\VMICORE.DLL
D:\RISING\RAV\UR029.DAT
D:\RISING\RAV\UR025.DAT
D:\RISING\RAV\URUTILS.DLL
D:\RISING\RAV\EXTMAIL.DLL
D:\RISING\RAV\SCANRAVT.DLL
D:\RISING\RAV\SCANBT.DLL
D:\RISING\RAV\SCANSTUB.DLL
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IKUTM.DLL
D:\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH10O.OCX
C:\WINDOWS\SYSTEM32\NAP32.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL
C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\4.0.51204.0\NPCTRL.DLL
C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\4.0.51204.0\AGCORE.DLL
F:\QQDOWN~1\MSN文~1\TIMWP.DLL  ← 从下载目录（非常规安装路径）加载的模块，来源不明，建议核实其数字签名与所属软件
D:\RISING\RAV\RSTRAY.EXE
D:\RISING\RAV\COMSERV.DLL
D:\RISING\RAV\RSLANG.DLL
D:\RISING\RAV\COMX3.DLL
D:\RISING\RAV\SYSLAY.DLL
D:\RISING\RAV\PROCCOMM.DLL
D:\RISING\RAV\RSXML.DLL
D:\RISING\RAV\MONSTATE.DLL
D:\RISING\RAV\SCANEVNT.DLL
D:\RISING\RAV\RSGUILIB.DLL
D:\RISING\RAV\RSCONF.DLL
D:\RISING\RAV\RSPALVD.DLL
D:\RISING\RAV\MRULEUI.DLL
D:\RISING\RAV\MONTRAY.DLL
D:\RISING\RAV\RSMGINFO.DLL
D:\RISING\RAV\USBSERV.DLL
D:\RISING\RAV\SCANTRAY.DLL
D:\RISING\RAV\PNGDLL.DLL
D:\RISING\RAV\DFW.DLL
D:\RISING\RAV\SCANPRXY.DLL
D:\RISING\RAV\GCOMPT.DLL
D:\RISING\RAV\ISOL.DLL
D:\RISING\RAV\RSSTORE.DLL
D:\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
D:\R瑞星产品新功能演示\卡卡精华帖之进程察看--工具夹\瑞星听诊器.EXE
D:\RISING\REGCALL.DLL
D:\R瑞星产品新功能演示\卡卡精华帖之进程察看--工具夹\家鸽小助手1.91\J-TASK.EXE
C:\WINDOWS\SYSTEM32\ODBCBCP.DLL
D:\RISING\REGCALL.DLL
D:\RISING\RISING\RFW\RSTRAY.EXE
D:\RISING\RISING\RFW\COMSERV.DLL
D:\RISING\RISING\RFW\RSLANG.DLL
D:\RISING\RISING\RFW\COMX3.DLL
D:\RISING\RISING\RFW\SYSLAY.DLL
D:\RISING\RISING\RFW\PROCCOMM.DLL
D:\RISING\RISING\RFW\RSXML.DLL
D:\RISING\RISING\RFW\MONSTATE.DLL
D:\RISING\RISING\RFW\RFWRULE.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
D:\RISING\RISING\RFW\RSCONF.DLL
D:\RISING\RISING\RFW\RSPALVD.DLL
D:\RISING\RISING\RFW\RSGUILIB.DLL
D:\RISING\RISING\RFW\RSNETSVR.DLL
D:\RISING\RISING\RFW\RSMGINFO.DLL
D:\RISING\RISING\RFW\RFWTRAY.DLL
D:\RISING\RISING\RFW\RFWLOG.DLL
D:\RISING\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\WINDOWS\SOUNDMAN.EXE
D:\RISING\REGCALL.DLL
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
D:\RISING\REGCALL.DLL
D:\RISING\RSTRAY.EXE
D:\RISING\RSMGINFO.DLL
D:\RISING\REGCALL.DLL
D:\RISING\RSXML.DLL
D:\RISING\COMSERV.DLL
D:\RISING\SYSLAY.DLL
D:\RISING\MSVCP71.DLL
D:\RISING\MSVCR71.DLL
D:\RISING\RSCOMMON.DLL
D:\RISING\COMX3.DLL
D:\RISING\RSXML1.DLL
D:\RISING\PNGDLL.DLL
D:\RISING\RUNIEP.DLL
D:\RISING\NCOMM.DLL
D:\RISING\RAV\PROCCOM.DLL
D:\RISING\RSCOMMX2.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
C:\PROGRAM FILES\THE WORLD 2.1\THEWORLD.EXE
D:\RISING\REGCALL.DLL
C:\WINDOWS\SYSTEM32\IKUTM.DLL
D:\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH10O.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\SOGOUPY.IME
C:\PROGRAM FILES\SOGOUINPUT\PLUGIN\SGIMEWORD.DLL
普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
runeip = "D:\RISING\RSTRAY.EXE" /STARTUP
ms08_067_patch = "C:\WINDOWS\SYSTEM32\NAP32.EXE" /RUN  ← 可疑：MS08-067 的正规补丁为 KB958644，通过 Windows Update/热修复安装程序应用，不会在 Run 键登记可执行程序；此项借补丁之名自启动 system32 下一个非标准组件，且同名 NAP32.DLL 已加载到多个 SVCHOST.EXE 进程中（见上方进程列表），建议校验该文件签名与哈希后处置
RavTRAY = "D:\RISING\RAV\RSTRAY.EXE" -SYSTEM
RFWTRAY = "D:\RISING\RISING\RFW\RSTRAY.EXE" -SYSTEM
RadDown = "C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RFWDOWN\RAD0316007.EXE" -AUTO  ← 自启动项指向用户 TEMP 目录下的可执行文件；RFWDOWN 目录名暗示可能是瑞星防火墙的下载缓存，但正规软件一般不会将 TEMP 中的文件登记为长期自启动，建议校验该文件签名，若非瑞星签名应按可疑处理
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
SafetyBox = "D:\RISING\RFB\SAFETYBOX.EXE" -TRAY
SoundMan = SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay = D:\RISING\RUNONCE.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = （为空，正常；该值非空时其中的 DLL 会被注入到所有加载 user32.dll 的进程）
系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
其它启动项
WIN.INI
无信息
SYSTEM.INI
SHELL = Explorer.exe
Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
dimsntfy = C:\WINDOWS\SYSTEM32\DIMSNTFY.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE
IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{43BEAFD9-E005-483D-A367-146BA6C8A32E} = D:\飞速Tudou\tudouDetector.dll
{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} = D:\高品质~1\XM安装~2\Shark\XIAMIP~1.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} = C:\WINDOWS\system32\UrlFilter.dll  ← 位于 system32 的通用命名 BHO，本列表中其余 BHO 均位于各自厂商目录，此项应核实发布者与数字签名
{A412E581-59B2-485E-834F-C5F0C0268C79} = D:\PowerWord Lite\CBEBand.DLL
Winsock SPI
Youku Smart aPercieve LSP over MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\IKUTM.DLL
Youku Smart aPercieve LSP over MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\IKUTM.DLL
Youku Smart aPercieve LSP over MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\IKUTM.DLL
（注：优酷客户端安装的 Winsock 分层服务提供者 IKUTM.DLL 叠加在 TCP/UDP/RAW 三条协议链之上，因而会被加载进所有使用 Winsock 的进程——上方进程列表中 LSASS.EXE、ALG.EXE 及多个 SVCHOST.EXE 内均出现该模块。它属于第三方加速组件而非已知恶意软件（仍需以签名确认），但扩大了攻击面；若要移除，切勿直接删除 DLL，应使用 LSP 修复工具或 netsh winsock reset 重建 Winsock 目录，否则会导致网络不可用）
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD nwlnkipx [IPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B568D4C-F239-44A5-98F3-358EF20A5028}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B568D4C-F239-44A5-98F3-358EF20A5028}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D3D2597-9A7F-41CD-A303-1B707C0BFDB3}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D3D2597-9A7F-41CD-A303-1B707C0BFDB3}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A37159B4-19AD-4B0F-ABCB-E43340470FC1}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A37159B4-19AD-4B0F-ABCB-E43340470FC1}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B894DA9B-F5C2-4603-A1A7-F7690FBD2D43}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B894DA9B-F5C2-4603-A1A7-F7690FBD2D43}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
Youku Smart aPercieve LSP = C:\WINDOWS\SYSTEM32\IKUTM.DLL
系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
Dot3svc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K DOT3SVC
EapHost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K EAPSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
hkmsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
LanmanServer = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LiveUpdate = "C:\PROGRA~1\SYMANTEC\LIVEUP~1\LUCOMS~1.EXE"
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
napagent = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsMgrSvc = "C:\PROGRAM FILES\RISING\RSD\RSMGRSVC.EXE"
RsRavMon = "D:\RISING\RAV\RAVMOND.EXE"
RsRFWMon = "D:\RISING\RISING\RFW\RAVMOND.EXE"
RsSafetyBoxMon = "D:\RISING\RFB\RSSMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{01D2D807-31A4-4D8B-A20D-6D8ED11FDC7F}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
Sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS