
Not sure what virus I've caught. Below is the SRE scan report. Please help take a look, thanks.

启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(MSNShell)(C:\Program Files\MSNShell\BIN\MSNShell.exe autorun) [N/A]
(msnmsgr)("C:\Program Files\MSN Messenger\msnmsgr.exe" /background) [(Verified)Microsoft Corporation]
(updateMgr)(C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IgfxTray)(C:\WINDOWS\system32\igfxtray.exe) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(HotKeysCmds)(C:\WINDOWS\system32\hkcmd.exe) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(PRONoMgr.exe)(C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe) [Intel(R) Corporation]
(kav)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
(WinlogonNotify: klogon)(C:\WINDOWS\system32\klogon.dll) [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\梦想水~1.SCR) []




--------------------------------------------------------------------------------



启动文件夹

[Adobe Reader Speed Launch]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --) C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated])(N)



--------------------------------------------------------------------------------



服务

[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r)(Kaspersky Lab)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
(C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe)(Microsoft Corporation)
[MSSQLServerOLAPService / MSSQLServerOLAPService][Running/Auto Start]
(C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe)(Microsoft Corporation)
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
("C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe")(Nokia.)



--------------------------------------------------------------------------------



驱动程序

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
(system32\DRIVERS\e100b325.sys)(Intel Corporation)
[ialm / ialm][Running/Manual Start]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[kl1 / kl1][Running/Boot Start]
(\SystemRoot\system32\drivers\kl1.sys)(Kaspersky Lab)
[klif / klif][Running/System Start]
(\??\C:\WINDOWS\system32\drivers\klif.sys)(Kaspersky Lab)
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
(system32\drivers\nmwcdc.sys)(Nokia)
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
(system32\drivers\nmwcdcm.sys)(Nokia)
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
(system32\drivers\nmwcd.sys)(Nokia)
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
(system32\drivers\nmwcdcj.sys)(Nokia)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\d:\Program Files\Tencent\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[rurqub0 / rurqub08][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\rurqub08.sys)(N/A)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)



--------------------------------------------------------------------------------



浏览器加载项

[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} (, N/A)
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (, N/A)
[MSN Shell 4]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} (C:\Program Files\MSNShell\Bin\MSNShell.exe, N/A)
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} (http://my.xunlei.com, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.)
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Microsoft ProgressBar Control, version 5.0 (SP2)]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} (C:\WINDOWS\system32\comctl32.ocx, Microsoft Corporation)
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} (C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} (, N/A)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation)
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.)
Last edited 2007-04-26 08:01:08

正在运行的进程

[PID: 644][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 112][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\contmenu.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 276][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3929]
[PID: 444][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3929]
[PID: 488][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\Program Files\MSNShell\BIN\MSNShell.exe] [N/A, ]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 668][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSNShell\BIN\ShellDll02.dll] [MSNShell Team, 4.2.28.16]
[C:\Program Files\MSNShell\BIN\Skin\SkinPlusPlusDLL.dll] [, 1, 0, 0, 1]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corporation, 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\WINDOWS\system32\msaud32.acm] [Microsoft Corporation, 8.00.00.4487]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
[PID: 2664][C:\GENERSOFT\MYGS_PSERIES\dwbb.exe] [, ]
[C:\Program Files\Sybase\Shared\PowerBuilder\PBVM90.dll] [Sybase Inc., 9.0.2.7534]
[C:\Program Files\Sybase\Shared\PowerBuilder\libjcc.dll] [N/A, ]
[C:\Program Files\Sybase\Shared\PowerBuilder\pbMSS90.dll] [Sybase Inc., 9.0.2.7534]
[C:\WINDOWS\system32\ntwdblib.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\GENERSOFT\MYGS_PSERIES\ameng.DLL] [天机小组, 1.0.0.15]
[C:\Program Files\Sybase\Shared\PowerBuilder\pbdwe90.dll] [Sybase Inc., 9.0.2.7534]
[C:\WINDOWS\system32\Gif89.dll] [, 1, 0, 0, 1]
[PID: 1020][C:\Program Files\同花顺核新\LiveUpdate.exe] [上海核新软件技术有限公司, 2006, 11, 2, 0]
[C:\Program Files\同花顺核新\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205]
[PID: 1684][D:\Program Files\Foxmail\Foxmail.exe] [Boda Network Technology Inc., 5.0]
[D:\Program Files\Foxmail\FoxAntiSpam.dll] [N/A, ]
[D:\Program Files\Foxmail\3rdParty\punylib.dll] [CNNIC, 1, 0, 0, 3]
[PID: 4020][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 2560][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 1264][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.249.1]
[C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0068]
[C:\Program Files\Windows Live Toolbar\zh-cn\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0068]
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.249.1]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 3844][C:\Documents and Settings\zjy\桌面\Iparmor\iparmor.exe] [luosoft.com, 5.5.0.0]
[C:\Documents and Settings\zjy\桌面\Iparmor\getportlistxp.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zjy\桌面\Iparmor\hookhookdll.dll] [N/A, ]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, ]
[PID: 212][C:\Documents and Settings\zjy\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [C:\WINDOWS\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



API HOOK

RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEE94EB25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEE94ED67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEE94EF0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEE94EC49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xEE94EE8F)



--------------------------------------------------------------------------------



隐藏进程

N/A


Can any expert tell what virus this is?

What version is this? Do a system repair first~~~~~