瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 帮忙看一下,是不是新病毒或变种(安全模式下删除无效,还是没用!)

12   1  /  2  页   跳转

帮忙看一下,是不是新病毒或变种(安全模式下删除无效,还是没用!)

收藏
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:18 | 只看楼主 短消息 资料
字号: 1楼

帮忙看一下,是不是新病毒或变种(安全模式下删除无效,还是没用!)

近日,系统中发现新增名为microsoft.exe的用户进程和dcomsvr.exe系统进程。
使用资源管理器单独终止microsoft.exe时系统会重新加入进程,先终止dcomsvr.exe在终止microsoft.exe系统大约会在5分钟后重新加入这两个进程。
google搜索microsoft.exe为高波病毒,dcomsvr.exe没有信息,使用高波专杀(卡卡助手和金山高波专杀工具)却无法发现病毒。


最后编辑2007-04-13 15:47:30
分享到:
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:19 | 只看楼主 短消息 资料
字号: 2楼



[DCOMSvr.EXE]
PID=0xc30
CommandLine=C:\WINDOWS\system32\DCOMSvr.EXE
DCOMSvr.EXE
0x400000
C:\WINDOWS\system32\DCOMSvr.EXE



2007-04-1310:44:58

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
NTLayerDLL
2004-08-0400:52:02

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2945(xpsp_sp2_gdr.060704-2349)
MicrosoftCorporation
WindowsNTBASEAPIClientDLL
2006-07-0518:56:00

SHELL32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.3051(xpsp_sp2_gdr.061219-0316)
MicrosoftCorporation
WindowsShellCommonDll
2006-12-2005:49:36

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
AdvancedWindows32BaseAPI
2004-08-0400:52:06

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteProcedureCallRuntime
2004-08-0400:52:24

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
GDIClientDLL
2007-03-0823:37:22

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
WindowsXPUSERAPIClientDLL
2007-03-0823:37:22

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTCRTDLL
2004-08-0400:52:20

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellLight-weightUtilityLibrary
2007-01-0421:38:36

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsXPIMM32APIClientDLL
2004-08-0400:52:12

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
LanguagePack
2004-08-0400:52:14

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
UniscribeUnicodescriptprocessor
2004-08-0400:52:26

comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
6.0(xpsp.060825-0040)
MicrosoftCorporation
UserExperienceControlsLibrary
2006-08-2523:49:42

comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82(xpsp.060825-0040)
MicrosoftCorporation
CommonControlsLibrary
2006-08-2523:49:44

Secur32.dll
0x77fc0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SecuritySupportProviderInterface
2004-08-0400:52:24
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:20 | 只看楼主 短消息 资料
字号: 3楼




[microsoft.exe]
PID=0x9b8
CommandLine=C:\WINDOWS\system32\microsoft.exeC:\WINDOWS\system32\wscuiex.cpl,Run
microsoft.exe
0x1000000
C:\WINDOWS\system32\microsoft.exe
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RunaDLLasanApp
2004-08-0400:52:38

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
NTLayerDLL
2004-08-0400:52:02

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2945(xpsp_sp2_gdr.060704-2349)
MicrosoftCorporation
WindowsNTBASEAPIClientDLL
2006-07-0518:56:00

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTCRTDLL
2004-08-0400:52:20

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
GDIClientDLL
2007-03-0823:37:22

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
WindowsXPUSERAPIClientDLL
2007-03-0823:37:22

IMAGEHLP.dll
0x76c60000
C:\WINDOWS\system32\imagehlp.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTImageHelper
2004-08-0400:52:12

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsXPIMM32APIClientDLL
2004-08-0400:52:12

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
AdvancedWindows32BaseAPI
2004-08-0400:52:06

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteProcedureCallRuntime
2004-08-0400:52:24

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
LanguagePack
2004-08-0400:52:14

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
UniscribeUnicodescriptprocessor
2004-08-0400:52:26

wscuiex.cpl
0x10000000
C:\WINDOWS\system32\wscuiex.cpl
1,0,0,0
mcsoft
动态链接库
2007-04-1301:51:58

WS2_32.dll
0x71a20000
C:\WINDOWS\system32\ws2_32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket2.032-BitDLL
2004-08-0400:52:28

WS2HELP.dll
0x71a10000
C:\WINDOWS\system32\ws2help.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket2.0HelperforWindowsNT
2004-08-0400:52:28

ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2726(xpsp_sp2_gdr.050725-1528)
MicrosoftCorporation
MicrosoftOLEforWindows
2005-07-2612:39:50

WININET.dll
0x76680000
C:\WINDOWS\system32\wininet.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
InternetExtensionsforWin32
2007-01-0421:38:44

CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
CryptoAPI32
2004-08-0400:52:08

MSASN1.dll
0x76db0000
C:\WINDOWS\system32\msasn1.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
ASN.1RuntimeAPIs
2004-08-0400:52:16

OLEAUT32.dll
0x770f0000
C:\WINDOWS\system32\oleaut32.dll
5.1.2600.2180
MicrosoftCorporation

2004-08-0400:52:22

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellLight-weightUtilityLibrary
2007-01-0421:38:36

urlmon.dll
0x75c60000
C:\WINDOWS\system32\urlmon.dll
6.00.2900.3072(xpsp_sp2_gdr.070124-2319)
MicrosoftCorporation
OLE32ExtensionsforWin32
2007-01-2520:52:06

VERSION.dll
0x77bd0000
C:\WINDOWS\system32\version.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
VersionCheckingandFileInstallationLibraries
2004-08-0400:52:26

NETAPI32.dll
0x5fdd0000
C:\WINDOWS\system32\netapi32.dll
5.1.2600.2976(xpsp_sp2_gdr.060817-0106)
MicrosoftCorporation
NetWin32APIDLL
2006-08-1720:29:48

comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
6.0(xpsp.060825-0040)
MicrosoftCorporation
UserExperienceControlsLibrary
2006-08-2523:49:42

uxtheme.dll
0x5adc0000
C:\WINDOWS\system32\uxtheme.dll
6.00.2900.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftUxThemeLibrary
2004-08-0400:52:26

MSCTF.dll
0x74680000
C:\WINDOWS\system32\MSCTF.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MSCTFServerDLL
2004-08-0400:52:16

msctfime.ime
0x73640000
C:\WINDOWS\system32\MSCTFIME.IME
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTextFrameWorkServiceIME
2004-08-0400:51:20

comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82(xpsp.060825-0040)
MicrosoftCorporation
CommonControlsLibrary
2006-08-2523:49:44

CLBCATQ.DLL
0x76fa0000
C:\WINDOWS\system32\clbcatq.dll
2001.12.4414.308
MicrosoftCorporation

2005-07-2612:39:46

COMRes.dll
0x77020000
C:\WINDOWS\system32\comres.dll
2001.12.4414.258
MicrosoftCorporation

2004-08-0400:52:08

shdocvw.dll
0x7e550000
C:\WINDOWS\system32\shdocvw.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellDocObjectandControlLibrary
2007-01-0421:38:32

CRYPTUI.dll
0x75430000
C:\WINDOWS\system32\cryptui.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTrustUIProvider
2004-08-0400:52:08

WINTRUST.dll
0x76c00000
C:\WINDOWS\system32\wintrust.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTrustVerificationAPIs
2004-08-0400:52:28

WLDAP32.dll
0x76f30000
C:\WINDOWS\system32\wldap32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Win32LDAPAPIDLL
2004-08-0400:52:28

xpsp2res.dll
0x20000000
C:\WINDOWS\system32\xpsp2res.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
ServicePack2Messages
2004-08-0400:51:48

msi.dll
0xc70000
C:\WINDOWS\system32\msi.dll
3.1.4000.2435
MicrosoftCorporation
WindowsInstaller
2005-05-0414:45:32

SXS.DLL
0x75e00000
C:\WINDOWS\system32\sxs.dll
5.1.2600.3019(xpsp_sp2_gdr.061019-0414)
MicrosoftCorporation
Fusion2.5
2006-10-2009:37:48

Secur32.dll
0x77fc0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SecuritySupportProviderInterface
2004-08-0400:52:24

shell32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.3051(xpsp_sp2_gdr.061219-0316)
MicrosoftCorporation
WindowsShellCommonDll
2006-12-2005:49:36

mlang.dll
0x74cf0000
C:\WINDOWS\system32\mlang.dll
6.00.2900.2530(xpsp.040919-1030)
MicrosoftCorporation
MultiLanguageSupportDLL
2004-10-1604:54:42

wsock32.dll
0x71a40000
C:\WINDOWS\system32\wsock32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket32-BitDLL
2004-08-0400:52:28

mswsock.dll
0x719c0000
C:\WINDOWS\system32\mswsock.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftWindowsSockets2.0ServiceProvider
2004-08-0400:52:20

hnetcfg.dll
0x60fd0000
C:\WINDOWS\system32\hnetcfg.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
HomeNetworkingConfigurationManager
2004-08-0400:52:12

RASAPI32.DLL
0x76eb0000
C:\WINDOWS\system32\rasapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteAccessAPI
2004-08-0400:52:22

rasman.dll
0x76e60000
C:\WINDOWS\system32\rasman.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteAccessConnectionManager
2004-08-0400:52:24

TAPI32.dll
0x76e80000
C:\WINDOWS\system32\tapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Microsoft(R)Windows(TM)TelephonyAPIClientDLL
2004-08-0400:52:26

rtutils.dll
0x76e50000
C:\WINDOWS\system32\rtutils.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RoutingUtilities
2004-08-0400:52:24

WINMM.dll
0x76b10000
C:\WINDOWS\system32\winmm.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MCIAPIDLL
2004-08-0400:52:28

wshtcpip.dll
0x71a00000
C:\WINDOWS\system32\wshtcpip.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocketsHelperDLL
2004-08-0400:52:28

msv1_0.dll
0x77c40000
C:\WINDOWS\system32\msv1_0.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftAuthenticationPackagev1.0
2004-08-0400:52:20

iphlpapi.dll
0x76d30000
C:\WINDOWS\system32\iphlpapi.dll
5.1.2600.2912(xpsp_sp2_gdr.060519-0003)
MicrosoftCorporation
IPHelperAPI
2006-05-1921:14:08

sensapi.dll
0x72240000
C:\WINDOWS\system32\sensapi.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SENSConnectivityAPIDLL
2004-08-0400:52:24

USERENV.dll
0x759d0000
C:\WINDOWS\system32\userenv.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Userenv
2004-08-0400:52:26

rsaenh.dll
0xffd0000
C:\WINDOWS\system32\rsaenh.dll
5.1.2600.2161(xpsp.040706-1629)
MicrosoftCorporation
MicrosoftEnhancedCryptographicProvider
2004-08-0322:31:44

ieprot.dll
0x16e0000
C:\ProgramFiles\Rising\AntiSpyware\ieprot.dll
1,0,0,10
BeijingRisingTechnologyCo.,Ltd.
IEProtector
2007-04-1310:13:26

DNSAPI.dll
0x76ef0000
C:\WINDOWS\system32\dnsapi.dll
5.1.2600.2938(xpsp_sp2_gdr.060626-0020)
MicrosoftCorporation
DNSClientAPIDLL
2006-06-2701:41:40

rasadhlp.dll
0x76f90000
C:\WINDOWS\system32\rasadhlp.dll
5.1.2600.2938(xpsp_sp2_gdr.060626-0020)
MicrosoftCorporation
RemoteAccessAutoDialHelper
2006-06-2701:41:40
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:21 | 只看楼主 短消息 资料
字号: 4楼

早上发过一次,似乎被删了,希望别再删了我
gototop
 
过客2007
头像
版主
  • 帖子:16652
  • 注册: 2006-10-18
  • 来自:¤懒神↗之家£
年度优秀版主奖一帮一小组成员
发表于: 2007-04-13 14:30 | 短消息 资料
字号: 5楼

自助尝试解决:
http://forum.ikaka.com/topic.asp?board=28&artid=8297091
gototop
 
水树雨下
头像
横据古稀狮
  • 帖子:8397
  • 注册: 2006-07-26
  • 来自:
发表于: 2007-04-13 14:31 | 短消息 资料
字号: 6楼

去下载sreng2,关闭qq,下载软件等一切不必要的程序后扫个日志上来,一次贴不完分段贴,不要修改
http://www.kztechs.com/sreng/sreng2.zip
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:39 | 只看楼主 短消息 资料
字号: 7楼

[CODE]

2007-04-13,14:21:53

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <vptray><C:\Program Files\NavNT\vptray.exe>  [Symantec Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <Acrobat Assistant 7.0><"d:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <WangWang><"C:\Program Files\Alisoft\WangWang\WangWang.EXE">  [阿里软件(中国)有限公司]
    <FlashGet><D:\Program Files\FlashGet\FlashGet.exe /min>  [(Verified)Trend Media Corporation Limited]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  []

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[DefWatch / DefWatch][Running/Auto Start]
  <"C:\Program Files\NavNT\defwatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 客户端 / Norton AntiVirus Server][Running/Auto Start]
  <"C:\Program Files\NavNT\rtvscan.exe"><Symantec Corporation>
[SingleService / SingleService][Stopped/Auto Start]
  <C:\WINDOWS\system32\SingleServiceRMS.exe><Microsoft Corporation>
[DCOM Client / DCOMClient][Running/Auto Start]
  <C:\WINDOWS\system32\DCOMSvr.EXE><N/A>

==================================
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:41 | 只看楼主 短消息 资料
字号: 8楼

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CMB8100 / CMB8100][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fiifhhic / fiifhhic][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\fiifhhic.sys><N/A>
[UsbKey / jxkey][Running/Manual Start]
  <system32\DRIVERS\jxkey.sys><Jiangxin Technology Co.,Ltd.>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\Program Files\NavNT\NAVAP.sys><N/A>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\NavNT\NAVAPEL.SYS><N/A>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070404.032\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070404.032\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[profilenh / profilenh][Running/System Start]
  <system32\drivers\profilenh.sys><Microsoft Corporation>
[proregnh / proregnh][Running/System Start]
  <system32\drivers\proregnh.sys><Windows System Internal>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>

==================================
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:41 | 只看楼主 短消息 资料
字号: 9楼

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll, BitComet>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Browser Class]
  {D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[NSHelp Class]
  {485D813E-EE26-4DF8-9FAF-DEDF2885306E} <C:\WINDOWS\Downloaded Program Files\nshelp.dll, Microsoft Corporation>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll, BitComet>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Browser Class]
  {D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用BitComet下载]
  <res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[转换为 Adobe PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
gototop
 
simonqqq
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2007-04-13
  • 来自:
发表于: 2007-04-13 14:43 | 只看楼主 短消息 资料
字号: 10楼

==================================
正在运行的进程
[PID: 520][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [d:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.07b]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.07b]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.07b]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 7.60.00.926]
    [d:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 316][C:\Program Files\NavNT\vptray.exe]  [Symantec Corporation, 7.60.00.926]
    [C:\Program Files\NavNT\Cliproxy.dll]  [Symantec Corporation, 7.60.00.926]
    [C:\Program Files\NavNT\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\Program Files\NavNT\Cliscan.dll]  [Symantec Corporation, 7.60.00.926]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 876][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 54]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2060][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe]  [Adobe Systems Inc., 6.0.1.2004121400]
    [D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs]  [Adobe Systems Inc., 6.0.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2080][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.0.6.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2088][C:\WINDOWS\system32\dla\tfswctrl.exe]  [Sonic Solutions, 1.04.07b]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.07b]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.07b]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2196][C:\WINDOWS\system32\CTFMON.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2652][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2488][C:\WINDOWS\system32\microsoft.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wscuiex.cpl]  [mcsoft, 1, 0, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3776][E:\Downloads\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\Downloads\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT