【求助】偶发上扫描日志，请帮看看是否中毒？？？ bbs.ikaka.com

newyn - 2007-4-20 11:19:00

[CODE]

2007-04-20,11:11:31

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\Firewall\pfw.exe> [广州众达天网技术有限公司]
<BDMCon><"C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg> [SOFTWIN S.R.L.]
<BDAgent><"C:\Program Files\Softwin\BitDefender10\bdagent.exe"> [SOFTWIN S.R.L.]
<RunShadowTip><C:\winnt\system32\Shadow\ShadowTip.exe> [PowerShadow]
<AntiArpSniffer><C:\AntiArpSniffer3\AntiArpSniffer.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><sockspy.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\winnt\system32\scrnsave.scr> [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[System Safety Monitor]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\System Safety Monitor.lnk --> C:\PROGRA~1\SYSTEM~1\SysSafe.exe [System Safety Limited]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\winnt\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[BitDefender Scan Server / bdss][Running/Auto Start]
<"C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\winnt\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[BitDefender Desktop Update Service / LIVESRV][Running/Auto Start]
<"C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service><SOFTWIN S.R.L.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\winnt\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[[Sentry5]Monitor Web-Activities / Sentry5AgentA][Running/Auto Start]
<E:\Program Files\softbar.com\Sentry5\SentryAgentA.exe><N/A>
[[Sentry5]Monitor Web-Files / Sentry5AgentB][Running/Auto Start]
<E:\Program Files\softbar.com\Sentry5\SentryAgentB.exe><N/A>
[[Sentry5]Data Communication / Sentry5AgentC][Running/Auto Start]
<E:\Program Files\softbar.com\Sentry5\SentryAgentC.exe><N/A>
[[Sentry5]Monitor SentryServices / Sentry5Dog][Running/Auto Start]
<E:\Program Files\softbar.com\Sentry5\SentryDog.exe><N/A>
[[Sentry5]Internet connection sharing(NAT) / Sentry5NAT][Running/Auto Start]
<E:\Program Files\softbar.com\Sentry5\SentryNAT.exe><N/A>
[Shadow System Service / ShadowSystemService][Running/Auto Start]
<C:\winnt\system32\shadow\ShadowService.exe><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[BitDefender Virus Shield / VSSERV][Running/Auto Start]
<"C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service><SOFTWIN S.R.L.>
[BitDefender Communicator / XCOMM][Running/Auto Start]
<"C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service><Softwin>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bdfdll / bdfdll][Running/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV][Running/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[bdpredir / bdpredir][Running/System Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys><Softwin SRL>
[BDRSDRV / BDRSDRV][Running/Auto Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS><N/A>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
<system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[SKNFW / SKNFW][Running/System Start]
<\??\C:\WINNT\system32\Drivers\SKNFW.sys><N/A>
[TDDI / TDDI][Running/Auto Start]
<\??\C:\winnt\system32\drivers\tddi.sys><SafeNet China Ltd.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\winnt\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>

==================================

newyn - 2007-4-20 11:20:00

【回复“newyn”的帖子】
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 168][\??\C:\winnt\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 1304][C:\winnt\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\winnt\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\winnt\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\winnt\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\winnt\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[PID: 1528][C:\PROGRA~1\SkyNet\Firewall\pfw.exe] [广州众达天网技术有限公司, 2.7.5.1000]
[C:\PROGRA~1\SkyNet\Firewall\SKYMISC.DLL] [N/A, ]
[C:\winnt\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\winnt\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1536][C:\Program Files\Softwin\BitDefender10\bdmcon.exe] [SOFTWIN S.R.L., 10, 2, 0, 15]
[C:\winnt\system32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\procinf.dll] [SOFTWIN S.R.L., 10, 2, 0, 7]
[C:\Program Files\Softwin\BitDefender10\TxTools.dll] [SOFTWIN S.R.L, 10, 2, 0, 0]
[C:\Program Files\Softwin\BitDefender10\BDGUICtl.dll] [Softwin, 10, 2, 0, 21]
[C:\Program Files\Softwin\BitDefender10\bdutils.dll] [, 10, 2, 0, 9]
[C:\winnt\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\winnt\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\winnt\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Softwin\BitDefender10\txmlx.dll] [Softwin, 10, 2, 0, 1]
[C:\Program Files\Softwin\BitDefender10\bdch.dll] [SOFTWIN, 1, 1, 300]
[C:\Program Files\Softwin\BitDefender10\bdsubmit.dll] [SOFTWIN, 1,2,0, 200]
[C:\Program Files\Softwin\BitDefender10\NAG.dll] [SOFTWIN S.R.L., 10.2.0.0]
[C:\winnt\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Softwin\BitDefender10\popup.dll] [SOFTWIN S.R.L., 10, 0, 0, 9]
[C:\Program Files\Softwin\BitDefender10\agentreg.dll] [TODO: <Company name>, 10.2.0.3]
[C:\Program Files\Softwin\BitDefender10\getfile.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\WSLib.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdusers.dll] [TODO: <Company name>, 10.1.0.0]
[C:\Program Files\Softwin\BitDefender10\main.dll] [SOFTWIN S.R.L., 10, 3, 0, 35]
[C:\Program Files\Softwin\BitDefender10\antivirus.dll] [SOFTWIN S.R.L., 10, 1, 0, 24]
[C:\Program Files\Softwin\BitDefender10\firewall.dll] [SOFTWIN S.R.L., 10, 2, 0, 61]
[C:\Program Files\Softwin\BitDefender10\Wizards.dll] [SOFTWIN S.R.L., 10, 3, 0, 0]
[C:\Program Files\Softwin\BitDefender10\dbokf.dll] [SOFTWIN, 10.2.0.1]
[C:\Program Files\Softwin\BitDefender10\antispam.dll] [SOFTWIN S.R.L, 10.0.0.1]
[C:\Program Files\Softwin\BitDefender10\antispy.dll] [SOFTWIN S.R.L., 10, 1, 0, 29]
[C:\Program Files\Softwin\BitDefender10\live.dll] [SOFTWIN S.R.L., 10, 2, 0, 21]
[C:\Program Files\Softwin\BitDefender10\vshield.dll] [SOFTWIN S.R.L., 10, 2, 1, 129]
[C:\Program Files\Softwin\BitDefender10\vscan.dll] [SOFTWIN S.R.L., 10, 1, 0, 34]
[C:\Program Files\Softwin\BitDefender10\quar.dll] [SOFTWIN S.R.L., 10, 2, 1, 18]
[C:\Program Files\Softwin\BitDefender10\quarcore.dll] [SOFTWIN S.R.L., 10, 2, 1, 16]
[C:\Program Files\Softwin\BitDefender10\NTTools.dll] [SOFTWIN S.R.L., 10, 1, 0, 7]
[C:\Program Files\Softwin\BitDefender10\bwlist.dll] [SOFTWIN S.R.L., 10.0.0.0]
[C:\Program Files\Softwin\BitDefender10\UnicoWS.dll] [Microsoft Corporation, 1.0.4018.0]
[C:\Program Files\Softwin\BitDefender10\ashield.dll] [SOFTWIN S.R.L., 10, 2, 0, 92]
[C:\Program Files\Softwin\BitDefender10\privintf.dll] [SOFTWIN S.R.L., 10, 2, 0, 25]
[C:\Program Files\Softwin\BitDefender10\sysinfo.dll] [SOFTWIN S.R.L., 10, 2, 0, 1057]
[C:\Program Files\Softwin\BitDefender10\BDElev.DLL] [SOFTWIN S.R.L., 1.0.0.1]
[PID: 1544][C:\Program Files\Softwin\BitDefender10\bdagent.exe] [SOFTWIN S.R.L., 10, 2, 0, 16]
[C:\Program Files\Softwin\BitDefender10\bdch.dll] [SOFTWIN, 1, 1, 300]
[C:\Program Files\Softwin\BitDefender10\bdsubmit.dll] [SOFTWIN, 1,2,0, 200]
[C:\winnt\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\winnt\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Softwin\BitDefender10\bdutils.dll] [, 10, 2, 0, 9]
[C:\winnt\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\winnt\system32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\procinf.dll] [SOFTWIN S.R.L., 10, 2, 0, 7]
[C:\Program Files\Softwin\BitDefender10\BDGUICtl.dll] [Softwin, 10, 2, 0, 21]
[C:\Program Files\Softwin\BitDefender10\txmlx.dll] [Softwin, 10, 2, 0, 1]
[C:\winnt\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 2, 0, 6]
[C:\Program Files\Softwin\BitDefender10\mimeinf.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bwlist.dll] [SOFTWIN S.R.L., 10.0.0.0]
[C:\Program Files\Softwin\BitDefender10\UnicoWS.dll] [Microsoft Corporation, 1.0.4018.0]
[PID: 1552][C:\winnt\system32\Shadow\ShadowTip.exe] [PowerShadow, 1, 0, 0, 1]
[C:\winnt\system32\Shadow\pDeskTop.dll] [N/A, ]
[PID: 1560][C:\AntiArpSniffer3\AntiArpSniffer.exe] [N/A, ]
[PID: 1568][C:\winnt\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1472][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 1128, 5462]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll] [Google Inc., 1, 2, 1128, 5462]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll] [Google Inc., 1, 2, 1128, 5462]
[PID: 580][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 6, 42]
[C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\winnt\system32\sockspy.dll] [N/A, ]
[C:\winnt\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\winnt\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\winnt\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLCTR80.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\winnt\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\winnt\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\winnt\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\winnt\system32\msratelc.dll] [Microsoft Corporation, 6.00.2800.1106]
[PID: 1924][C:\winnt\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\winnt\system32\sockspy.dll] [N/A, ]
[PID: 1984][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\winnt\system32\sockspy.dll] [N/A, ]
[PID: 1992][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.547\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\winnt\system32\sockspy.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.547\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. ["f:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
入口点错误：LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: C:\winnt\system32\sockspy.dll)

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛