Rising Kaka Security Forum
櫻り箜釋﹀ァ - 2006-1-2 7:29:00
Learned a lot from the original poster.
shakekilling - 2006-1-12 14:48:00
Nice, bumping this.
流浪猫猫 - 2006-1-18 17:38:00
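Bumping this up for you!~ Even though I don't have the patience to read it all and use it!!
But I'm sure I will find the time to learn from you!~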
友好人士 - 2006-3-6 19:34:00
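I haven't had time to finish reading it yet. I wish I had found this sooner. Bumping it first, otherwise it would be a shame for such a good introduction to sink. I'll study it when I have time.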
BlackStone - 2006-3-8 17:38:00
友好人士 - 2006-3-10 22:26:00
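Tonight I finally had time to read it all in one go. The original poster is truly a warm-hearted, good person! Highly skilled, and of impeccable character. I'll bump it again later when I use the tools. I suggest the original poster pin the download link for tool updates in the first post.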
友好人士 - 2006-3-10 22:31:00
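I just went back to the first post and had another look. It turns out the first post also has a link, the same as the one here. I wonder whether the versions downloaded from the two links are the same?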
友好人士 - 2006-3-10 22:37:00
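I thought of another question to ask: after these two tools are downloaded and installed, do they start automatically at boot? Or do they only run when you open them (that would be best)?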
友好人士 - 2006-3-10 22:43:00
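Oh, sorry, I have one more question for the original poster: do these two tools need any configuration after downloading (as SSM does)? And do they conflict with firewalls?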
BlackStone - 2006-3-13 14:24:00
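[Reply to the post by "友好人士"]
1) The download link is fixed; the author updates the tools from time to time.
2) These two tools do not need to be installed and should not conflict with other software. The only thing is that from version 10.6 onward a License dialog is shown once on first run; just click accept.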
孤身只影 - 2006-3-22 1:24:00
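Original poster, after I downloaded Autoruns and unzipped it there were two ".exe" files: one is autorunsc.exe and the other is autoruns.exe. When I open autoruns.exe it looks the same as the screenshots you gave above, but when I double-click the other one, autorunsc.exe, something like a DOS window flashes by and disappears. Could this be a bundled trojan?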
网络笨羊 - 2006-3-22 8:14:00
Today I carefully read through all the posts. I got a lot out of it.
网络笨羊 - 2006-3-22 8:55:00
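Whenever my IE opens any web page (only one page, with no other network activity beforehand) and I check the network connections with the netstat -ano command, I often find many TCP connections to my computer at the same time, as few as 4 or 5 and as many as a dozen or more. Some of the connections are in the ESTABLISHED state, some in TIME_WAIT and some in SYN_SENT. Looking at the PIDs and associated processes of these connections, I found that a fair number belong to iexplore, and the rest belong to system (all in the TIME_WAIT state). I looked up these IP addresses: some are domestic, for example Suzhou, Shanghai, Fujian, Guangzhou and so on; some are foreign, such as Japan, the United States and Canada. Another problem that often occurs is that whenever I use 百度搜霸 (BaiduBar), the firewall always pops up a dialog with a warning along the lines of "iexplore.exe正在向202.108.205.204发送UDP信息包" (iexplore.exe is sending a UDP packet to 202.108.205.204). Sometimes the same thing happens when I open other pages. I'd like to ask whether this means a reverse-connection trojan has been injected into IE. I have posted before on the anti-browser-hijacking board and on this forum, and I had moderators baohe and 魔法学徒 look at a log scanned with HijackThis_V1.99.1; they both said they could not see any problem from the log. But I still can't stop worrying, so I'd like to ask you to take another look. I used ProcessExplorerNt to inspect iexplore.exe among the processes and found that it was sending UDP packets (at the time I was on our forum and had no other pages open). I took a screenshot. Please help me take a look.
Attachment: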
612710200632285545.JPG
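The check described in the post above (list connections with netstat -ano, then look up which process owns each PID), as an added example that is not part of the original thread. The sample output, addresses, PIDs and the function names `parse_netstat` and `summarize` are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the column layout `netstat -ano` prints on Windows.
# Addresses are documentation ranges and PIDs are made up for the example.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       860
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED     3052
  TCP    192.168.1.10:1046      198.51.100.7:80        ESTABLISHED     3052
  TCP    192.168.1.10:1047      203.0.113.20:80        SYN_SENT        3052
  TCP    192.168.1.10:1040      203.0.113.9:80         TIME_WAIT       0
  UDP    127.0.0.1:1050         *:*                                    3052
"""

# PID -> image name, as copied from a process list (constructed).
SAMPLE_PROCESSES = {0: "System Idle Process", 860: "SVCHOST.EXE", 3052: "iexplore.exe"}

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = "(udp)"  # UDP rows carry no State column
        else:
            continue  # banner, header, blank or truncated line
        if pid.isdigit():
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return rows

def summarize(rows, processes):
    """Per owning process: row count by state and the distinct remote hosts."""
    summary = {}
    for row in rows:
        name = processes.get(row["pid"], "pid %d (not in process list)" % row["pid"])
        entry = summary.setdefault(name, {"states": Counter(), "remotes": set()})
        entry["states"][row["state"]] += 1
        host = row["remote"].rsplit(":", 1)[0]
        if host not in ("*", "0.0.0.0", "[::]"):
            entry["remotes"].add(host)
    return summary

if __name__ == "__main__":
    for name, info in summarize(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES).items():
        print(name, dict(info["states"]), sorted(info["remotes"]))
```

Grouping by owner makes it easy to see how many of the rows are one browser process opening several connections to a handful of hosts for a single page.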
网络笨羊 - 2006-3-22 9:12:00
This is the autoruns log
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CmUsbSoundCmiCnfg DLLC-Media Corporationc:\windows\system\cmcnfgu.cpl
+ KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal pro\kav.exe
+ MSPY2002c:\windows\system32\ime\pintlgnt\imscinst.exe
+ NeroFilterCheckNeroCheckAhead Software Gmbhc:\windows\system32\nerocheck.exe
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ NvMediaCenterNVIDIA Media Center LibraryNVIDIA Corporationc:\windows\system32\nvmctray.dll
+ nwizNVIDIA nView Wizard, Version 100.35 NVIDIA Corporationc:\windows\system32\nwiz.exe
+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.C:\WINDOWS\soundman.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ 卡巴斯基反黑客.lnkKaspersky Anti-HackerKaspersky Labc:\program files\kaspersky lab\kaspersky anti-hacker\kavpf.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop ExplorerNVIDIA Desktop Explorer, Version 100.35 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 100.35 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ NvCpl DesktopContext ClassNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 100.35 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Play on my TV helperNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 6.0 for ActivieXAdobe Systems Incorporatedd:\program files\adobe\reader\activex\acroiehelper.dll
+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll
+ 百度搜霸BaiduBar Modulec:\windows\downloaded program files\baidubar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ BaiduBarBaiduBar Modulec:\windows\downloaded program files\baidubar.dll
+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGetFlashGetAmaze Softc:\program files\flashget\flashget.exe
HKLM\System\CurrentControlSet\Services
+ kavsvcKaspersky Anti-Virus ServiceKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal pro\kavsvc.exe
+ Lenovo TV Recodingc:\program files\lenovo\数码家电\lxrecsvr.exe
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ UleadBurningHelperULCDRSvrUlead Systems, Inc.c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
HKLM\System\CurrentControlSet\Services
+ ac97intcIntel(r) Integrated Controller Hub Audio DriverIntel Corporationc:\windows\system32\drivers\ac97intc.sys
+ ALCXSENSSensaura WDM 3D Audio DriverSensaurac:\windows\system32\drivers\alcxsens.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ ati2mtaaATI RAGE 128 Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtaa.sys
+ cmudauC-Media USB Audio WDM DriverC-Media Incc:\windows\system32\drivers\cmudau.sys
+ CX23880CxVCap, Video Capture Driver, Official BuildConexant Systems, Inc.c:\windows\system32\drivers\cx88vid.sys
+ CX88XBARCxXBar, Crossbar Driver, Official BuildConexant Systems, Inc.c:\windows\system32\drivers\cx88xbar.sys
+ CXTUNECxTuner, Tuner Driver, Official BuildConexant Systems, Inc.c:\windows\system32\drivers\cx88tune.sys
+ GMSIPCIFile not found: G:\INSTALL\GMSIPCI.SYS
+ Kl1Kaspersky Anti-Hacker Only DriverKaspersky Labc:\windows\system32\drivers\kl1.sys
+ Klifspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys
+ KlmcKaspersky Anti-Virus Mail Checker ProxyKaspersky Labc:\windows\system32\drivers\klmc.sys
+ KlpfklpfKLc:\windows\system32\drivers\klpf.sys
+ KlpidklpidKLc:\windows\system32\drivers\klpid.sys
+ KRegExFile not found: C:\WINDOWS\system32\drivers\KRegEx.sys
+ LenovoFc:\windows\system32\drivers\lenovof.sys
+ LenovoRc:\windows\system32\drivers\lenovor.sys
+ MarsUsbUSB remote receive and control device driverBitland Information Technology Co.,Ltdc:\windows\system32\drivers\marsusb.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 71.84 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys
+ RTL8023Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtlnic51.sys
+ rtl8029NDIS 5.0 driverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8029.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ SkkbdfPS/2 Keyboard Filter Driver for Win2000Silitek Corp.c:\windows\system32\drivers\skkbdf.sys
+ VIAudioVIA Audio WDM Driver VIA Technologies, Inc.c:\windows\system32\drivers\ac97via.sys
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\自然风光.scr幸福相册屏保联想(北京)有限公司c:\windows\自然风光.scr
网络笨羊 - 2006-3-22 9:14:00
procexp log
Process PID CPU Description Company Name
System Idle Process 0 95.10
Interrupts n/a 0.98 Hardware Interrupts
DPCs n/a 0.98 Deferred Procedure Calls
System 4
SMSS.EXE 512 Windows NT Session Manager Microsoft Corporation
CSRSS.EXE 580 Client Server Runtime Process Microsoft Corporation
WINLOGON.EXE 604 Windows NT Logon Application Microsoft Corporation
SERVICES.EXE 652 1.96 Services and Controller app Microsoft Corporation
SVCHOST.EXE 812 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 860 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 924 Generic Host Process for Win32 Services Microsoft Corporation
SPOOLSV.EXE 1172 Spooler SubSystem App Microsoft Corporation
KAVSVC.EXE 1328 Kaspersky Anti-Virus Service Kaspersky Lab
lxRecSvr.exe 1356
NVSVC32.EXE 1384 NVIDIA Driver Helper Service, Version 71.84 NVIDIA Corporation
SCCMonitor.exe 1408
LenovoSmartControlCenter.exe 1540
ULCDRSvr.exe 1484 ULCDRSvr Ulead Systems, Inc.
WDFMGR.EXE 1528 Windows User Mode Driver Manager Microsoft Corporation
SVCHOST.EXE 3620 Generic Host Process for Win32 Services Microsoft Corporation
LSASS.EXE 664 LSA Shell (Export Version) Microsoft Corporation
EXPLORER.EXE 1272 Windows Explorer Microsoft Corporation
Skdaemon.exe 244 Skdaemon Microsoft 基础类应用程序
RUNDLL32.EXE 252 Run a DLL as an App Microsoft Corporation
RUNDLL32.EXE 260 Run a DLL as an App Microsoft Corporation
SOUNDMAN.EXE 268 Realtek Sound Manager Realtek Semiconductor Corp.
LenovoHD.exe 292 联想安全中心 Lenovo
LenovoHDPro.exe 1696 LenovoHDPro Microsoft 基础类应用程序
realsched.exe 372 RealNetworks Scheduler RealNetworks, Inc.
KAV.EXE 400 Kaspersky Anti-Virus GUI Part Kaspersky Lab
CTFMON.EXE 408 CTF Loader Microsoft Corporation
MSMSGS.EXE 424 Windows Messenger Microsoft Corporation
KAVPF.exe 1220 Kaspersky Anti-Hacker Kaspersky Lab
iexplore.exe 3052 Internet Explorer Microsoft Corporation
flashget.exe 1648 FlashGet Amaze Soft
autoruns.exe 3824 Autostart program viewer Sysinternals - www.sysinternals.com
procexp.exe 3904 0.98 Sysinternals Process Explorer Sysinternals
CONIME.EXE 3452 Console IME Microsoft Corporation
友好人士 - 2006-3-22 13:15:00
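| Quote: |
[Post by 孤身只影] Original poster, after I downloaded Autoruns and unzipped it there were two ".exe" files: one is autorunsc.exe and the other is autoruns.exe. When I open autoruns.exe it looks the same as the screenshots you gave above, but when I double-click the other one, autorunsc.exe, something like a DOS window flashes by and disappears. Could this be a bundled trojan? ........................... |
I noticed this too. After unzipping, I opened them in Notepad for a rough check and both executables seemed to have nothing abnormal, but since I wasn't quite at ease I tried uninstalling it, and it uninstalled completely. I'd also like to ask: what is autorunsc.exe?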
BlackStone - 2006-3-22 14:28:00
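| Quote: |
[Post by 孤身只影] Original poster, after I downloaded Autoruns and unzipped it there were two ".exe" files: one is autorunsc.exe and the other is autoruns.exe. When I open autoruns.exe it looks the same as the screenshots you gave above, but when I double-click the other one, autorunsc.exe, something like a DOS window flashes by and disappears. Could this be a bundled trojan? ........................... |
autorunsc.exe is a console program, which means you need to run it in CMD.
For details, see
post #123
PS: It seems this friend and "友好人士" have not been reading the posts carefully enough.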
BlackStone - 2006-3-22 14:40:00
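[Reply to the post by "网络笨羊"]
127.0.0.1 is the local machine's default IP address, written in the hosts file under the %systemRoot%\system32\drivers\etc directory.
As for the UDP connection established by IE in your post #191, it should be nothing to worry about, and no suspicious startup items were found in the Autoruns log either.
If you are still not at ease about your machine, you can refer to
http://forum.ikaka.com/topic.asp?board=28&artid=7538008
Hope this helps.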
孤身只影 - 2006-3-22 15:18:00
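[Reply to the post by "BlackStone"] Oh, so that's how it is. Then if I skip the steps in post #123 and only use Autoruns.exe, its functionality won't be affected, right? Is it OK if I just ignore Autorunsc.exe?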
风飘飘158 - 2006-3-31 23:13:00
Mm, nice. Sitting down to have a look~~
言无忌163 - 2006-4-21 14:38:00
文件名:IEXPLORE.EXE
文件路径:IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE
病毒名:Backdoor.Gpigeon.uvc
状态:清除成功
轩辕小聪 - 2006-4-21 14:52:00
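[Reply to the post by "言无忌163"]
Huh, why post a Gray Pigeon (灰鸽子) problem in this thread? Go back to your own original thread or start a new topic, scan a log with HijackThis or Autoruns and post it. This should have been an uncomplicated problem; how has it dragged on for a week without even a log being posted?!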
BlackStone - 2006-5-12 10:27:00
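Process Explorer upgraded to 10.11
What's new:
1) Added a process cycle count column to the process properties page on Vista
2) Added the ability to view and edit service permissions
3) Fixed a handle leak with the .NET runtime
4) Added I/O column contents to process properties
5) Added I/O byte history graphs for the system and for each process
6) Added an I/O history graph
7) Added a memory commit history graph
8) Added an optional I/O history tray icon
9) Support for Itanium-based 64-bit Windows
Download link: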
http://www.sysinternals.com/Files/ProcessExplorerNt.zip
友好人士 - 2006-5-15 23:11:00
I saw Uncle Baohe recommending this, so I'm bumping this thread up..
清风之雷 - 2006-5-19 1:35:00
Ah! I saw this too late! Great thread! It's still not too late to start learning now!
kaka新手 - 2006-6-8 23:38:00
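In this thread the original poster posted 32 images in total, truly patient and meticulous. Many thanks to the original poster; I've saved them all.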
asdf437 - 2006-6-9 20:30:00
I don't know how to tell which one is a virus....??? Could you be more specific? Thanks.
BlackStone - 2006-6-27 15:37:00
BlackStone - 2006-7-12 10:14:00
Procexp upgraded to 10.20.
What's new:
* Added "integrity level" and "Virtualized" columns for Vista
* Signed the driver for 64-bit Vista on x64 processors
Download link:
http://www.sysinternals.com/Files/ProcessExplorerNt.zip
羽翼の涅磐 - 2006-8-17 3:01:00
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ DAEMON Tools-1033 Virtual DAEMON Manager (Not verified) DAEMON'S HOME c:\program files\d-tools\daemon.exe
+ kav Kaspersky Anti-Virus (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ LetsCool File not found: C:\Program Files\LetsCool\LetsCool.exe
+ nwiz NVIDIA nView Wizard, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ WinampAgent File not found: ;
+ YOKAssiant File not found: C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido anti-spyware 4.0 ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. d:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Web Anti-Virus Script Monitor Internet Explorer plugin (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Ad Class File not found: C:\WINDOWS\SeAd\SeAd44d5bfdd.dll
+ Letscool System Helper Letscool Network IE Helper (Not verified) LETSCOOL Network Technology c:\windows\system32\coolbho.dll
+ QQBrowserHelperObject Class QQIEHelper Module (Not verified) 深圳市腾讯计算机系统有限公司 d:\program files\tencent\qq\qqiehelper.dll
+ Thunder Browser Helper XunLeiBHO (Not verified) Thunder Networking Technologies,LTD c:\program files\thunder network\thunder\comdlls\xunleibho_002.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ YOK超级搜索 File not found: http://www.yok.com
+ 番茄花园 File not found: http://www.tomatolei.com
+ 启动迅雷 (Not verified) Thunder Networking Technologies,LTD c:\program files\thunder network\thunder\thunder.exe
+ 腾讯QQ QQ (Not verified) TENCENT d:\program files\tencent\qq\qq.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ AVP Provides protection against computer viruses and spyware. (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ ewido anti-spyware 4.0 guard ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. d:\program files\ewido anti-spyware 4.0\guard.exe
+ UpdateService c:\windows\system32\updateservice.exe
HKLM\System\CurrentControlSet\Services
+ atapi c:\windows\system32\drivers\atapi.sys
+ d346bus PnP BIOS Extension (Not verified) c:\windows\system32\drivers\d346bus.sys
+ d346prt SCSI miniport (Not verified) c:\windows\system32\drivers\d346prt.sys
+ ewido anti-spyware 4.0 driver d:\program files\ewido anti-spyware 4.0\guard.sys
+ kl1 Kaspersky Unified Driver (Not verified) Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klif spuper-ptor (Not verified) Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ npkcrypt nProtect KeyCrypt Driver (Not verified) INCA Internet Co., Ltd. d:\program files\tencent\qq\npkcrypt.sys
+ npkycryp File not found: D:\Program Files\Tencent\QQ\npkycryp.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Command Processor\Autorun
HKCU\SOFTWARE\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ klogon Logon Visualizer (Not verified) Kaspersky Lab c:\windows\system32\klogon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
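Experts, please help me take a look...
I uninstalled my IE and use TT.
I can't access QQ Zone (QQ空间); it tells me my browser does not support certain Q-zone features..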
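An added example (not part of the original thread) for reading text logs in the layout posted above: it groups "+ " entries under the autostart location line that precedes them, lists entries marked "File not found:", and shows which image is registered in more than one location. The sample log, its names and paths, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Autoruns text logs posted in this
# thread: a location line, then "+ " entry lines. Names and paths are made up.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ExampleAV Example Anti-Virus (Not verified) Example Lab c:\program files\example av\av.exe
+ OldTool File not found: C:\Program Files\OldTool\oldtool.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Example HelperFile not found: C:\WINDOWS\example\helper.dll
+ ExampleBar Example Module c:\windows\downloaded program files\examplebar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ ExampleBar Example Module C:\WINDOWS\Downloaded Program Files\examplebar.dll
"""

MISSING = "File not found:"
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*$")  # image path runs to end of line

def parse_autoruns_log(text):
    """Return one dict per "+ " entry, tagged with the location line above it."""
    entries, location = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line  # registry key, startup folder or "Task Scheduler"
            continue
        body = line[2:]
        if MISSING in body:  # works with or without a space before the marker
            label, image = (s.strip() for s in body.split(MISSING, 1))
            missing = True
        else:
            m = DRIVE_PATH.search(body)
            label = body[:m.start()].strip() if m else body
            image, missing = (m.group(0) if m else None), False
        entries.append({"location": location, "label": label,
                        "image": image, "missing": missing})
    return entries

def dangling_entries(entries):
    """Entries whose target was reported missing: (location, label, target)."""
    return [(e["location"], e["label"], e["image"]) for e in entries if e["missing"]]

def shared_images(entries):
    """Images registered under more than one location (case-insensitive path)."""
    seen = {}
    for e in entries:
        if e["image"]:
            seen.setdefault(e["image"].lower(), set()).add(e["location"])
    return {img: sorted(locs) for img, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    parsed = parse_autoruns_log(SAMPLE_LOG)
    print(dangling_entries(parsed))
    print(shared_images(parsed))
```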