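[Help] Got a virus, and it's still there after rebooting. Experts, please take a look at my SRE log

Posted 2007-6-12 17:57

My computer is infected with two viruses, rootkit.agent.aaf and trojan.mnless.mjk. Rising can't remove them no matter what I do; it says they will be deleted after a reboot, but rebooting has no effect and the virus files are still there.
The corresponding files are C:\WINDOWS\system32\drivers\pzhop.dll and C:\WINDOWS\system32\anmaf.sys
I have tried force-deleting them, and I also searched online for dedicated removal tools for rootkit.agent and trojan.mnless. Perhaps the tool versions are too old and the virus is a variant, because they still can't be deleted.
The SRE scan log is as follows:
CODE: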
2007-06-12,15:50:38
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <BHDCRegC><C:\WINNT\system32\BHDCRegC.exe>  [SHHIC]
    <IdnSvr><C:\Program Files\OCINS\idnsvr.exe>  [(Verified)China Internet Network Information Center]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssstars.scr>  [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> E:\Adobe\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ClipManage / MouTALS][Stopped/Auto Start]
  <C:\WINNT\SYSTEM32\RUNDLLFOROUR.EXE C:\WINNT\SYSTEM32\WBEM\WIBUI.DLL,Export 1087><Microsoft Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Remote Registry Protect / Trial][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\hiqqn.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[cdddgebf / cdddgebf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdddgebf.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[grro / grrop][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\grrop.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><arallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
  <System32\DRIVERS\Rtlnic5.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <E:\Kingsoft\XDict\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\system32\INPUTC~1.DLL, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\system32\SUBMIT~1.DLL, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINNT\system32\USBKey.dll, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[&访问通用网址]
  <C:\Program Files\OCINS\cnrbtn.html, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\必备软件\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\必备软件\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\必备软件\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\必备软件\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 920][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\hiqqn.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [E:\WinRAR\rarext.dll]  [N/A, ]
[PID: 976][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1212][C:\WINNT\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2350]
[PID: 1280][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2350]
[PID: 1320][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1328][C:\WINNT\system32\RunDll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 41, 6]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\System32\udaprop.dll]  [C-Media Corporation, 1.0.2.2]
[PID: 1340][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 8, 4, 130]
    [C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Thunder Network\WebThunder\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Thunder Network\WebThunder\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 24]
    [C:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [C:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [C:\Program Files\Thunder Network\WebThunder\Inmedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
    [C:\Program Files\Thunder Network\WebThunder\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
    [C:\Program Files\Thunder Network\WebThunder\CacheServer.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.50.2162.0]
[PID: 1372][C:\WINNT\system32\BHDCRegC.exe]  [SHHIC, 1.01]
    [C:\WINNT\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1444][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1500][E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe]  [Adobe Systems Inc., 6.0.0.2003051500]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 936][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINNT\system32\wucltui.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINNT\system32\wucltui.dll.mui]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 316][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1748][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1828][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, ]
    [E:\Adobe\Acrobat 6.0\Acrobat\ATL.DLL]  [Microsoft Corporation, 3.00.8449]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 0]
    [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
[PID: 2276][E:\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1888][D:\肚皮舞\sreng24\sreng24\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

Posted 2007-6-12 18:42

I can't make sense of it. Wait patiently for an expert to come along.

Posted 2007-6-12 19:11

Posts: 7
Featured posts: 0
Profile:
Registered: 2004/05/08 21:39

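Posted 2007-6-12 21:35

Right-click My Computer --- Properties --- Hardware --- Device Manager ---
click View ---- tick "Show hidden devices". Then open "Non-Plug and Play Drivers", find the following three drivers in it and uninstall them:
cdddgebf.sys
grrop.sys
kmsinput.sys
After rebooting, try again to delete the two files the antivirus reported, as well as the three files above.
Some of these three may be deleted by mistake, but that will not cause any major harm to the system.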
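Added example (not part of the thread, and not SREng's own code): a small parser for the two-line driver entries in the log posted above, listing the drivers whose publisher field reads N/A. On the posted log those are the same three files the reply above names. The regular expressions and the start-type ordering are assumptions based only on the lines visible in that log.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the drivers section of the SREng log posted above.
SAMPLE_LOG = r"""
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdddgebf / cdddgebf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdddgebf.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[grro / grrop][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\grrop.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
"""

# Assumed entry layout: "[display / name][state/start]" then "  <path><publisher>".
HEADER = re.compile(
    r"^\[(?P<display>.*) / (?P<name>[^\]/]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]\s*$")
DETAIL = re.compile(r"^\s+<(?P<path>.*)><(?P<publisher>[^<>]*)>\s*$")

# Start types seen in the posted log; types that load earlier in boot sort first.
START_RANK = {"Boot Start": 0, "Auto Start": 1, "Manual Start": 2, "Disabled": 3}


@dataclass
class Driver:
    name: str
    state: str
    start: str
    path: str
    publisher: str

    @property
    def filename(self) -> str:
        return re.split(r"[\\/]", self.path)[-1].lower()


def parse_drivers(text: str) -> list[Driver]:
    """Pair each header line with the '<path><publisher>' line that follows it."""
    drivers, pending = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            pending = head
            continue
        detail = DETAIL.match(line)
        if detail and pending:
            drivers.append(Driver(pending["name"], pending["state"], pending["start"],
                                  detail["path"], detail["publisher"].strip()))
        pending = None
    return drivers


def unattributed(drivers: list[Driver]) -> list[Driver]:
    """Drivers whose publisher is N/A (a reason to inspect, not a verdict), boot-start first."""
    hits = [d for d in drivers if d.publisher.upper() == "N/A"]
    return sorted(hits, key=lambda d: (START_RANK.get(d.start, len(START_RANK)), d.filename))


def blank_publisher(drivers: list[Driver]) -> list[Driver]:
    """Drivers logged with an empty publisher field ('<>'), reported separately from N/A."""
    return [d for d in drivers if d.publisher == ""]


if __name__ == "__main__":
    for d in unattributed(parse_drivers(SAMPLE_LOG)):
        print(f"{d.filename:15} {d.state}/{d.start:13} {d.path}")
```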

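OP | Posted 2007-6-13 08:32

吟风听月 seems to be talking about me.
恐龙居士, I didn't see cdddgebf.sys under Non-Plug and Play Drivers, so I only deleted grrop.sys and kmsinput.sys, but the two files the antivirus reported still can't be removed afterwards. Those two viruses are still there. I could cry!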

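Posted 2007-6-13 10:04

1. Turn off System Restore for drive C.
2. Force-delete them with IceSword, or delete them with Unlocker.
3. After sweeping the floor you still have to mop it: go into the registry, search for the entries related to these two files, and delete them.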

Posted 2007-6-14 09:29

If you want to save yourself the trouble, submit the virus and let the antivirus vendor update its virus database!

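Posted 2007-6-15 00:05

Boot into Safe Mode and clear all temporary files, including:
1. c:\temp
2. c:\windows\temp
3. All files in the Local Settings\temp and Temporary Internet Files folders under every user name in c:\Documents and Settings.
Also delete the entire contents of the System Volume Information folder in the root directory of each drive. Don't be shocked: there may be an unimaginable number of files in there. For how to delete them, see http://bbs.shiandci.net/cgi-bin/topic.cgi?forum=15&topic=7492&show=0
4. Open the Registry Editor, search for the virus names as keywords, and delete the matches.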
