Rising Kaka Security Forum
limilaw - 2007-7-16 15:59:00
瑞星卡卡电脑诊断日志 v1.30 (2007-7-16 15:37:49) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
lxdmg
[AM] 1. c:\program files\common files\devicemanager\devicemanager.exe
DeviceManager Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
lxswitch
[AM] 2. c:\happyhome\幸福飞梭\lxswitch.exe
TGELogonSrv Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
NVSvc
[AM] 3. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 43.51
.text,.rdata,.data,.rsrc,
UMWdf
[A ] 4. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
UPHClean
[AM] 5. d:\program files\uphclean\uphclean.exe
Microsoft Corporation
User Profile Hive Cleanup Service
.text,.rdata,.data,.rsrc,
usnjsvc
[A ] 6. c:\program files\msn messenger\usnsvc.exe
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.text,.data,.rsrc,
WmdmPmSN
[A ] 7. c:\windows\system32\mspmsnsv.dll
Microsoft Corporation
Microsoft Media Device Service Provider
.text,.data,.rsrc,.reloc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
Afc
[A ] 8. c:\windows\system32\drivers\afc.sys
Arcsoft, Inc.
Arcsoft(R) ASPI Shell
.text,.rdata,.data,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 9. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,_LTEXT,_PTEXT,.rdata,.data,.CRT,_LDATA,_PDATA,.data1,PAGE,INIT,.rsrc,.reloc,
BT848
[A ] 10. c:\windows\system32\drivers\cxvcap.sys
Windows (R) 2000 DDK provider
WDM Video Capture Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
CXTUNER
[A ] 11. c:\windows\system32\drivers\cxtuner.sys
Conexant Systems, Inc.
CxTuner, Tuner Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
CXXBAR
[A ] 12. c:\windows\system32\drivers\cxxbar.sys
Conexant Systems, Inc.
CxXBar, Crossbar Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
GT680x
[A ] 13. c:\windows\system32\drivers\gt680x.sys
USB Scanner Driver
.text,.data,INIT,.rsrc,.reloc,
HSFHWBS2
[A ] 14. c:\windows\system32\drivers\hsfhwbs2.sys
Conexant Systems
HSF_HWB2 WDM driver
.text,GLOBAL_I,.rdata,.data,.CRT,GLOBAL_I,PAGE,INIT,.rsrc,.reloc,
HSF_DP
[A ] 15. c:\windows\system32\drivers\hsf_dp.sys
Conexant Systems
HSF_DP driver
.text,_PARA_DA,.rdata,.data,.CRT,PAGE,INIT,.rsrc,.reloc,
mdmxsdk
[A ] 16. c:\windows\system32\drivers\mdmxsdk.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
NPF
[A ] 17. c:\windows\system32\drivers\npf.sys
CACE Technologies
npf
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 18. d:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
pfc
[A ] 19. c:\windows\system32\drivers\pfc.sys
Padus, Inc.
Padus(R) ASPI Shell
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 20. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
safemon
[A ] 21. c:\windows\system32\drivers\safemon.sys
System Safety Limited
System Safety Monitor 2.0 extension for Windows security layer
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Secdrv
[A ] 22. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
Skkbdf
[A ] 23. c:\windows\system32\drivers\skkbdf.sys
Silitek Corp.
PS/2 Keyboard Filter Driver for Win2000
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SkyProcs
[A ] 24. d:\program files\skynet\firewall\skyprocs.sys
.text,.rdata,.data,INIT,.reloc,
snpshot
[A ] 25. c:\windows\system32\drivers\snpshot.sys
PowerShadow
Shadow System
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
UIUSys
[A ] 26. c:\windows\system32\drivers\uiusys.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
usbehci
[A ] 27. c:\windows\system32\drivers\usbehci.sys
Microsoft Corporation
EHCI eUSB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
winachsf
[A ] 28. c:\windows\system32\drivers\hsf_cnxt.sys
Conexant Systems
WinACHSF driver
.text,_LTEXT,.rdata,.data,_LDATA,PAGESER,INIT,.rsrc,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
System Safety Monitor
[AM] 29. c:\windows\system32\ssmwinlogonex.dll
System Safety Limited
System Safety Manager
.text,.rdata,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[A ] 30. d:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[A ] 31. d:\program files\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
{9030D464-4C02-4ABF-8ECC-5164760863C6}
[A ] 32. c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft Corporation
WindowsLiveLogin.dll
.text,.data,.rsrc,.reloc,
{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[AM] 33. d:\program files\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
{F156768E-81EF-470C-9057-481BA8380DBA}
[A ] 34. d:\program files\flashget\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Script
[A ] 35. c:\windows\web\related.htm
Exec
[A ] 36. d:\program files\flashget\flashget.exe
FlashGet.com
FlashGet
.text,.rdata,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
livecall
[A ] 37. c:\program files\msn messenger\msgrapp.8.1.0178.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
msnim
[A ] 37. c:\program files\msn messenger\msgrapp.8.1.0178.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[A ] 38. d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 39. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Auto Update Property Sheet Extension
[A ] 40. c:\windows\system32\wuaucpl.cpl
Microsoft Corporation
Automatic Updates Control Panel
.text,.data,.rsrc,.reloc,
Desktop Explorer
[A ] 41. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 43.51
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Desktop Explorer Menu
[A ] 41. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 43.51
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Messenger Sharing Folders
[A ] 42. c:\program files\msn messenger\fsshext.8.1.0178.00.dll
Microsoft Corporation
Messenger File Sharing Shell Extensions
.text,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 43. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
Portable Media Devices Menu
[A ] 43. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 44. d:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 45. d:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[A ] 46. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
limilaw - 2007-7-16 16:01:00
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nwiz
[A ] 47. c:\windows\system32\nwiz.exe
NVIDIA Corporation
NVIDIA nView Wizard, Version 43.51
.text,.rdata,.data,.rsrc,
SoundMan
[A ] 48. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.rsrc,
runeip
[AM] 49. d:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 50. d:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 51. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.bat
batfile\edit\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
batfile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.log
txtfile\open\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.txt
txtfile\open\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.cmd
cmdfile\edit\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
cmdfile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.reg
regfile\edit\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
regfile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.vbs
vbsfile\Edit\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
vbsfile\Print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.js
jsfile\Edit\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
jsfile\Print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.ini
inifile\open\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inifile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.inf
inffile\open\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inffile\print\Command
[A ] 52. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
limilaw - 2007-7-16 16:01:00
+ 其他自启动项目
+
Ice.exe
[A ] 53. d:\ice.exe
IceSword
.text,.rdata,.data,.rsrc,.aspack,.adata,
SREng.EXE
[A ] 54. d:\sreng.exe
Smallfrogs Studio
System Repair Engineer
.text,.rsrc,
+
Ice.exe
[A ] 53. d:\ice.exe
IceSword
.text,.rdata,.data,.rsrc,.aspack,.adata,
SREng.EXE
[A ] 54. d:\sreng.exe
Smallfrogs Studio
System Repair Engineer
.text,.rsrc,
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
联想键盘驱动程序.lnk
[AM] 55. c:\program files\legend\联想标准功能键盘驱动程序安装\skdaemon.exe
Skdaemon Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
Adobe Gamma Loader.lnk
[A ] 56. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
Adobe Systems, Inc.
Adobe Gamma Loader
.text,.rdata,.data,.rsrc,
+ C:\windows\Tasks
AppleSoftwareUpdate.job
[A ] 57. c:\program files\apple software update\softwareupdate.exe
Apple Computer, Inc.
Software Application
.text,.rdata,.data,.rsrc,
+ 正在运行的进程
+ 000000c0(192) Explorer.EXE
72C90000[00009000]
[ M] 58. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 59. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
013B0000[0001C000]
[AM] 33. d:\program files\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
00FA0000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
03720000[0000E000]
[ M] 61. d:\program files\arcsoft\software suite\photoimpression\share\pihook.dll
.text,.rdata,.data,Shared,.reloc,
019D0000[0002B000]
[AM] 44. d:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
+ 000000d0(208) runiep.exe
00400000[00012000]
[AM] 49. d:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00CF0000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000170(368) ctfmon.exe
10000000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000184(388) skdaemon.exe
00400000[0000A000]
[AM] 55. c:\program files\legend\联想标准功能键盘驱动程序安装\skdaemon.exe
Skdaemon Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
10000000[0003B000]
[ M] 62. c:\program files\legend\联想标准功能键盘驱动程序安装\macfun.dll
Silitek
MacFun
.text,.rdata,.data,.idata,.rsrc,.reloc,
00410000[00036000]
[ M] 63. c:\program files\legend\联想标准功能键盘驱动程序安装\opendriver.dll
Silitek
OpenDrive
.text,.rdata,.data,.idata,.rsrc,.reloc,
003E0000[00011000]
[ M] 64. c:\program files\legend\联想标准功能键盘驱动程序安装\osd.dll
silitek
OSD
.text,.rdata,.data,.rsrc,.reloc,
00450000[00008000]
[ M] 65. c:\windows\system32\lxkeyled.dll
Silitek
SetLight(int nLight)
.text,.rdata,.data,myshared,.rsrc,.reloc,
72C90000[00009000]
[ M] 58. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 59. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01040000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001b8(440) smss.exe
+ 000001f8(504) csrss.exe
+ 00000218(536) winlogon.exe
03100000[00011000]
[AM] 29. c:\windows\system32\ssmwinlogonex.dll
System Safety Limited
System Safety Manager
.text,.rdata,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 58. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 59. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 0000024c(588) services.exe
+ 00000258(600) lsass.exe
+ 00000310(784) svchost.exe
+ 00000330(816) svchost.exe
+ 000003e8(1000) svchost.exe
+ 00000408(1032) spoolsv.exe
00930000[00005000]
[ M] 66. c:\windows\system32\spool\prtprocs\w32x86\vprproc.dll
Windows (R) 2000 DDK provider
Windows DDK Print DLL
.text,.data,.rsrc,.reloc,
+ 00000468(1128) alg.exe
+ 0000048c(1164) lxswitch.exe
00400000[00006000]
[AM] 2. c:\happyhome\幸福飞梭\lxswitch.exe
TGELogonSrv Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
+ 000004a8(1192) nvsvc32.exe
00400000[00013000]
[AM] 3. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 43.51
.text,.rdata,.data,.rsrc,
+ 00000510(1296) svchost.exe
+ 0000056c(1388) uphclean.exe
00400000[00030000]
[AM] 5. d:\program files\uphclean\uphclean.exe
Microsoft Corporation
User Profile Hive Cleanup Service
.text,.rdata,.data,.rsrc,
+ 000005a0(1440) DeviceManager.exe
00400000[00008000]
[AM] 1. c:\program files\common files\devicemanager\devicemanager.exe
DeviceManager Microsoft 基础类应用程序
.text,.rdata,.data,.rsrc,
00EF0000[00022000]
[ M] 67. c:\program files\ahead\nero\wnaspi32.dll
Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: info@nero.com
Nero Aspi Library
.text,_LTEXT,.rdata,.data,.rsrc,.reloc,
+ 000007b4(1972) taskmgr.exe
00B50000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
10000000[0001C000]
[AM] 33. d:\program files\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
+ 00000940(2368) Ras.exe
00400000[0013F000]
[ M] 68. d:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[0001C000]
[AM] 33. d:\program files\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
00E20000[000A3000]
[ M] 69. d:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
018A0000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02810000[0002F000]
[ M] 70. d:\program files\rising\antispyware\engine.dll
Beijing Rising Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,
02940000[00012000]
[ M] 71. d:\program files\rising\antispyware\zip.dll
rising
zip
UPX0,UPX1,.rsrc,
+ 00000a78(2680) 360tray.exe
00400000[00029000]
[ M] 72. d:\program files\360safe\safemon\360tray.exe
奇虎网
360安全卫士实时保护模块
.text,.rdata,.data,.rsrc,
10000000[0001C000]
[AM] 33. d:\program files\360safe\safemon\safemon.dll
360安全卫士实时保护模块
.text,.rdata,.data,.share,.rsrc,.reloc,
00BD0000[0000C000]
[ M] 73. d:\program files\360safe\safemon\safekrnl.dll
奇虎网
360安全卫士实时保护模块
.text,.rdata,.data,.rsrc,.reloc,
00BE0000[00022000]
[ M] 74. d:\program files\360safe\antiadwa.dll
360Safe.com
360安全卫士检测模块
.text,.rdata,.data,.rsrc,.reloc,
00C10000[0001B000]
[ M] 60. d:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
limilaw - 2007-7-16 16:04:00
[CODE]
2007-07-15,23:42:50
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows XP Publisher]
<nwiz><nwiz.exe /install> [(Verified)Microsoft Windows XP Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows XP Publisher]
<NewRmtService ><C:\Program Files\NewRemoteControl\NewRmtService.exe> [Bitland Information Technology Co.,Ltd]
<lxdevclient><C:\Program Files\Common Files\DeviceManager\lxdevclient.exe> []
<runeip><"D:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<360Safetray><D:\Program Files\360safe\safemon\360tray.exe> [奇虎网]
<mppds><C:\windows\mppds.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows XP Publisher]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\windows\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Windows XP Publisher]
==================================
启动文件夹
[联想键盘驱动程序]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk --> C:\PROGRA~1\LEGEND\联想标~1\Skdaemon.exe []><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[DE7C283C / DE7C283C][Stopped/Auto Start]
<C:\windows\System32\D95111CE.EXE -k><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LEGEND DeviceManager Service / lxdmg][Stopped/Auto Start]
<C:\Program Files\Common Files\DeviceManager\DeviceManager.exe><>
[lxswitch / lxswitch][Stopped/Auto Start]
<C:\happyhome\幸福飞梭\lxswitch.exe><>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<C:\windows\System32\nvsvc32.exe><NVIDIA Corporation>
[User Profile Hive Cleanup / UPHClean][Stopped/Auto Start]
<D:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
==================================
驱动程序
[PPdus ASPI Shell / Afc][Running/Manual Start]
<system32\drivers\Afc.sys><Arcsoft, Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[basic2 / basic2][Stopped/Manual Start]
<System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Legend Capture Card - Video / BT848][Stopped/Auto Start]
<system32\drivers\cxvcap.sys><Windows (R) 2000 DDK provider>
[BITC CxTuner, WDM TvTuner / CXTUNER][Stopped/Auto Start]
<system32\drivers\CXTUNER.sys><Conexant Systems, Inc.>
[Legend Capture Card - Crossbar / CXXBAR][Stopped/Auto Start]
<system32\drivers\CXXBAR.sys><Conexant Systems, Inc.>
[GrandTechICNameNT / GT680x][Stopped/Manual Start]
<System32\Drivers\gt680x.sys><>
[HSFHWBS2 / HSFHWBS2][Stopped/Manual Start]
<System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Stopped/Manual Start]
<System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[hsf_msft / hsf_msft][Stopped/Manual Start]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
<System32\DRIVERS\mdmxsdk.sys><Conexant>
[Netgroup Packet Filter / NPF][Stopped/Disabled]
<System32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Stopped/Manual Start]
<System32\DRIVERS\HSF_SAMP.sys><Conexant>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[PS/2 Keyboard Filter Driver for WinXp / Skkbdf][Running/Manual Start]
<System32\DRIVERS\Skkbdf.sys><Silitek Corp.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\D:\Program Files\SkyNet\Firewall\SkyProcs.sys><N/A>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\drivers\UIUSys.sys><Conexant>
[winachsf / winachsf][Stopped/Manual Start]
<System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
limilaw - 2007-7-16 16:04:00
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, >
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <D:\PROGRA~1\FLASHGET\getflash.dll, www.flashget.com>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\FlashGet.exe, FlashGet.com>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\windows\System32\msdxm.ocx, Microsoft Corporation>
[FavImport Class]
{03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} <C:\WINDOWS\Downloaded Program Files\ImportAx.dll, Microsoft Corp.>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[163Uploader Control]
{8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\System32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
limilaw - 2007-7-16 16:06:00
==================================
正在运行的进程
[PID: 128][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 180][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1230 (xpsp2.030527-2026)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\sxs.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 204][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1230 (xpsp2.030527-2026)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp1.020828-1920)]
[C:\windows\System32\ODBC32.dll] [Microsoft Corporation, 3.520.9030.0]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[C:\windows\System32\SHSVCS.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1243 (xpsp2.030702-2125)]
[C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SSMWinlogonEx.dll] [System Safety Limited, 2.2.0.602]
[C:\windows\System32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42]
limilaw - 2007-7-16 16:06:00
[PID: 672][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1230 (xpsp2.030527-2026)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1243 (xpsp2.030702-2125)]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\System32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp1.020828-1920)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\themeui.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msutb.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\windows\System32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\shimgvw.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2 (xpsp1.020828-1920)]
[C:\windows\System32\msi.dll] [Microsoft Corporation, 3.1.4000.2435]
[C:\windows\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[C:\windows\System32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ODBC32.dll] [Microsoft Corporation, 3.520.9030.0]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 764][C:\windows\System32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1230 (xpsp2.030527-2026)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\VDMDBG.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ole32.dll] [Microsoft Corporation, 5.1.2600.1243 (xpsp2.030702-2125)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
limilaw - 2007-7-16 16:06:00
[PID: 928][D:\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1230 (xpsp2.030527-2026)]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\oledlg.dll] [Microsoft Corporation, 1.0 (XPClient.010817-1148)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1243 (xpsp2.030702-2125)]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1211]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Sensapi.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\wsock32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\windows\system32\userenv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
limilaw - 2007-7-16 16:59:00
Found the root of the problem: it turned out there was an extra semicolon in front of the startup entry's value...
火影忍者 - 2007-7-16 17:21:00
SREng - Startup Items -> Registry -> delete the following startup item
<mppds><C:\windows\mppds.exe> [N/A]
Delete the following service
[DE7C283C / DE7C283C][Stopped/Auto Start]
<C:\windows\System32\D95111CE.EXE -k><N/A>
Delete
C:\windows\mppds.exe
C:\windows\System32\D95111CE.EXE