SRE扫描结果如下:
- 2007-05-30,12:50:45
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
- <STDSB><C:\WINDOWS\system32\STDSB.exe> []
- <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Publisher]
- <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
- <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
- <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
- <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
- <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
- <ymfqplr><C:\WINDOWS\system32\oduxyym.exe> []
- <kudxrkr><C:\WINDOWS\system32\veckdld.exe> []
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><""C:\Program Files\Herosoft\Hero 9\解霸屏保.SCR""> [N/A]
- ==================================
- 启动文件夹
- [Adobe Reader Speed Launch]
- <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
- ==================================
- 服务
- [卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
- <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
- [Rising Personal Firewall Service / RfwService][Running/Auto Start]
- <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
- [SmartLinkService / SLService][Running/Auto Start]
- <slserv.exe><>
- ==================================
- 驱动程序
- [Rising TDI Base Driver / BaseTDI][Running/Auto Start]
- <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
- [C-Media WDM Audio Interface / cmuda][Running/Manual Start]
- <system32\drivers\cmuda.sys><C-Media Inc>
- [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
- <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
- [HookUrl / HookUrl][Running/Auto Start]
- <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
- [ialm / ialm][Running/Manual Start]
- <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [mProcRs / mProcRs][Running/Auto Start]
- <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
- [Scroll Bar Driver / MTC0003_STDSB][Running/Auto Start]
- <system32\STDSB.sys><>
- [Mtlmnt5 / Mtlmnt5][Running/Manual Start]
- <system32\DRIVERS\Mtlmnt5.sys><>
- [Mtlstrm / Mtlstrm][Stopped/Manual Start]
- <system32\DRIVERS\Mtlstrm.sys><>
- [NtMtlFax / NtMtlFax][Stopped/Manual Start]
- <system32\DRIVERS\NtMtlFax.sys><>
- [NTSIM / NTSIM][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\ntsim.sys><VIA Technologies, Inc.>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [RecAgent / RecAgent][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys><Smart Link>
- [RsFwDrv / RsFwDrv][Running/Auto Start]
- <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
- <system32\DRIVERS\slntamr.sys><>
- [SlNtHal / SlNtHal][Stopped/Manual Start]
- <system32\DRIVERS\Slnthal.sys><>
- [SlWdmSup / SlWdmSup][Running/Manual Start]
- <system32\DRIVERS\SlWdmSup.sys><Vireo Software>
- [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
- <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
- [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
- <system32\drivers\ialmsbw.sys><Intel Corporation>
- [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
- <system32\drivers\ialmkchw.sys><Intel Corporation>
- [360TimeProt / 360TimeProt][Running/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys><N/A>
- ==================================
- 浏览器加载项
- [WebThunder Browser Helper]
- {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
- [NavigatMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
- [Web反病毒统计]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
- [信息检索(&R)]
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
- [启动Web迅雷]
- {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
- [QQ]
- {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
- [Messenger]
- {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
- [WebThunder Browser Helper]
- {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
- [WebThunder Class]
- {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
- [Windows Media Player]
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [NavigatMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
- [上传到QQ网络硬盘]
- <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
- [使用Web迅雷下载]
- <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
- [使用Web迅雷下载全部链接]
- <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
- [使用超级解霸播放]
- <C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
- [添加到QQ表情]
- <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
- [用QQ彩信发送该图片]
- <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 624][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 676][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 748][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 760][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 916][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1052][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1544][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\WINDOWS\system32\mxkeybd.dll] [N/A, ]
- [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\msdmo.dll] [, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.2.621]
- [PID: 244][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.2172]
- [PID: 252][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2172]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 268][C:\WINDOWS\system32\STDSB.exe] [N/A, ]
- [C:\WINDOWS\system32\mxkeybd.dll] [N/A, ]
- [PID: 276][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 284][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 340][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
- [PID: 424][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 3832][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 66]
- [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
- [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
- [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
- [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
- [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 560][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [PID: 988][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\mxkeybd.dll] [N/A, ]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
- [PID: 3656][D:\Download\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.4.4 27Mar03]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- [D:\]
- [AutoRun]
- open=ymfqplr.exe
- shell\open=打开(&O)
- shell\open\Command=ymfqplr.exe
- shell\open\Default=1
- shell\explore=资源管理器(&X)
- shell\explore\Command=ymfqplr.exe
- [F:\]
- [AutoRun]
- open=ymfqplr.exe
- shell\open=打开(&O)
- shell\open\Command=ymfqplr.exe
- shell\open\Default=1
- shell\explore=资源管理器(&X)
- shell\explore\Command=ymfqplr.exe
- [G:\]
- [AutoRun]
- open=ymfqplr.exe
- shell\open=打开(&O)
- shell\open\Command=ymfqplr.exe
- shell\open\Default=1
- shell\explore=资源管理器(&X)
- shell\explore\Command=ymfqplr.exe
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0C55AF0)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0C55CD0)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0C55E30)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0C55BE0)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF0C55DE0)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码
[ 本帖最后由 alicelijing1 于 2007-5-30 16:27 编辑 ] |